16 matches found
EUVD-2019-4121
Malicious code in bioql PyPI...
Amazon Linux AMI : squid (ALAS-2023-1757)
The version of squid installed on the remote host is prior to 3.5.20-17.46. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1757 advisory. An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTT...
Important: squid
Issue Overview: An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restrict...
Important: squid
Issue Overview: An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restrict...
Authorization Bypass
squid is vulnerable to authorization bypass. When handling a URN request, the corresponding HTTP request that is made does not go through the access checks, allowing an attacker to bypass access checks and gain access to restricted HTTP servers such as HTTP servers listening on localhost...
Arbitrary Code Execution
squid is vulnerable to arbitrary code execution. A heap-based buffer overflow can occur when squid receives data from a remote server in response to a URN request and fails to ensure that the response fits within the buffer...
CVE-2019-12523
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers,...
Internet Bug Bounty: URN Request bypass ACL Checks
Summary: Attacker can bypass ACL checks gaining access to restricted HTTP servers such as those running on localhost. Attacker could also gain access to CacheManager if VIA header is turned off. Only lines with : will be readable though, and the response must be less than 4096 bytes or it'll...
Internet Bug Bounty: UrnState Heap Overflow
Summary: When handling a URN Request an attacker-controlled response can cause Squid to overflow a heap buffer. The buffer exists within a struct so not only does it allow an attacker to overflow adjacent memory, but also control a pointer that follows the buffer enabling them to free arbitrary...
EulerOS 2.0 SP5 : squid (EulerOS-SA-2020-1133)
According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...
CVE-2019-12523
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers,...
CVE-2019-12523
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers,...
CVE-2019-12523
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers,...
UBUNTU-CVE-2019-12523
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers,...
CVE-2019-12523
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers,...
CVE-2019-12523
CVE-2019-12523 affects Squid prior to 4.9, where handling a URN request transforms it into an HTTP request that bypasses the standard incoming HTTP access checks. This allows an attacker to access restricted HTTP servers (e.g., localhost) by bypassing ACLs via the URN path, with potential exposur...