squid (SUSE:Linux Enterprise Module for Server Applications 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Server Applications 15 package squid, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (14)
CVE-2019-12525 — CVSS 9.8 (critical): An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses…
CVE-2019-12526 — CVSS 9.8 (critical): An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data…
CVE-2019-12523 — CVSS 9.1 (critical): An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't…
CVE-2019-12527 — CVSS 8.8 (high): An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global…
CVE-2019-12854 — CVSS 7.5 (high): Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access…
CVE-2019-18676 — CVSS 7.5 (high): An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can…
CVE-2019-18679 — CVSS 7.5 (high): An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information…
CVE-2018-19131 — CVSS 6.1 (medium): Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
CVE-2019-18677 — CVSS 6.1 (medium): An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not…
CVE-2018-19132 — CVSS 5.9 (medium): Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
CVE-2019-12529 — CVSS 5.9 (medium): An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic…
CVE-2019-18678 — CVSS 5.3 (medium): An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid…
CVE-2019-3688 — CVSS 5.1 (medium): The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux…