CLSA-2026-1776879277
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1776879277.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1776879277
- Upstream
- Published
- 2026-04-23T18:38:25Z
- Modified
- 2026-06-01T00:33:26.251745206Z
- Summary
- squid: Fix of 13 CVEs
- Details
-
- CVE-2018-1000027: fix NULL pointer dereference in clientFollowXForwardedForCheck for transactions without a client connection
- CVE-2018-19131: fix XSS via X.509 certificate fields rendered unescaped in SSL error pages
- CVE-2019-12520: prevent cache poisoning by suppressing URL userinfo from absolute URLs for non-FTP schemes
- CVE-2019-12523: reject URIs with invalid scheme (non-alpha first char) and malformed URN NID
- CVE-2019-12526: add Must() guard in URN response handling to prevent re-entry with zero-length buffer
- CVE-2019-12528: fix FTP directory listing parser info leak from heap into HTTP responses
- CVE-2019-12529: fix Basic auth uudecode out-of-bounds read/write via proper bounds checking
- CVE-2019-13345: fix multiple XSS issues in cachemgr.cgi via rfc1738-escaping user_name and auth parameters
- CVE-2019-18676: cap URI scheme length and reject malformed scheme prefixes to prevent buffer overflow in urlParse
- CVE-2019-18677: prevent CSRF via append_domain truncation by rejecting oversized domain appends
- CVE-2019-18678: reject HTTP headers with whitespace between field-name and colon per RFC 7230 to prevent request splitting
- CVE-2019-18679: remove raw heap pointer from Digest nonce hash input to prevent information disclosure and ASLR bypass
- CVE-2019-18860: fix cachemgr.cgi XSS/info-disclosure via hostname parameter validation
- References