Squid Analysis Report Generator Project Squid Analysis Report Generator (sarg) 2.3.7

CPE Details

Squid Analysis Report Generator Project Squid Analysis Report Generator (sarg) 2.3.7
squid_analysis_report_generator_project
squid_analysis_report_generator
2.3.7
2020-01-28
12h07 +00:00
2020-01-28
12h07 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:squid_analysis_report_generator_project:squid_analysis_report_generator:2.3.7:*:*:*:*:*:*:*

Informations

Vendor

squid_analysis_report_generator_project

Product

squid_analysis_report_generator

Version

2.3.7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-18932 2020-01-21 16h52 +00:00 log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.
7
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.