VYPR

rpm package

suse/squid&distro=SUSE Linux Enterprise Module for Server Applications 15 SP4

pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4

Vulnerabilities (10)

  • CVE-2023-49285Dec 4, 2023
    affected < 5.7-150400.3.20.1fixed 5.7-150400.3.20.1

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no kno

  • CVE-2023-49286Dec 4, 2023
    affected < 5.7-150400.3.20.1fixed 5.7-150400.3.20.1

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to

  • CVE-2023-46728Nov 6, 2023
    affected < 5.7-150400.3.15.1fixed 5.7-150400.3.15.1

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. R

  • CVE-2023-46847Nov 3, 2023
    affected < 5.7-150400.3.12.1fixed 5.7-150400.3.12.1

    Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

  • CVE-2023-46848Nov 3, 2023
    affected < 5.7-150400.3.12.1fixed 5.7-150400.3.12.1

    Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

  • CVE-2023-46846Nov 3, 2023
    affected < 5.7-150400.3.12.1fixed 5.7-150400.3.12.1

    SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

  • CVE-2023-46724Nov 1, 2023
    affected < 5.7-150400.3.12.1fixed 5.7-150400.3.12.1

    Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows

  • CVE-2022-41318Dec 25, 2022
    affected < 5.7-150400.3.6.1fixed 5.7-150400.3.6.1

    A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locatio

  • CVE-2022-41317Dec 25, 2022
    affected < 5.7-150400.3.6.1fixed 5.7-150400.3.6.1

    An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

  • CVE-2021-46784Jul 17, 2022
    affected < 5.6-150400.3.3.1fixed 5.6-150400.3.3.1

    In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.