FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f9ada0b5-3d80-11ed-9330-080027f5fec9	squid -- Exposure of sensitive information in cache manager Mikhail Evdokimov (aka konata) reports: Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. This problem allows a trusted client to directly access cache manager information bypassing the manager ACL protection. The available cache manager information contains records of internal network structure, client credentials, client identity and client traffic behaviour. Discovery 2022-04-17 Entry 2022-09-26 squid < 5.7 CVE-2022-41317 https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq
a8fb8e3a-730d-11ee-ab61-b42e991fc52e	squid -- Multiple vulnerabilities The squid-cache project reports: Denial of Service in FTP Request/Response smuggling in HTTP/1.1 and ICAP Denial of Service in HTTP Digest Authentication Discovery 2023-10-21 Entry 2023-10-25 squid < 6.4 https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g

VuXML ID

Description

f9ada0b5-3d80-11ed-9330-080027f5fec9

squid -- Exposure of sensitive information in cache manager

Mikhail Evdokimov (aka konata) reports:

Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. This problem allows a trusted client to directly access cache manager information bypassing the manager ACL protection. The available cache manager information contains records of internal network structure, client credentials, client identity and client traffic behaviour.

Discovery 2022-04-17
Entry 2022-09-26
squid

< 5.7

CVE-2022-41317
https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq

a8fb8e3a-730d-11ee-ab61-b42e991fc52e

squid -- Multiple vulnerabilities

The squid-cache project reports:

Denial of Service in FTP

Request/Response smuggling in HTTP/1.1 and ICAP

Denial of Service in HTTP Digest Authentication

Discovery 2023-10-21
Entry 2023-10-25
squid

< 6.4

https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh
https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g