Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Information Disclosure
Linux
Solaris
Squid
Fedora
NVD
CVSS 2.0
2.6
EPSS
6.5%
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity.
Docker
Privilege Escalation
NVD
CVSS 2.0
3.6
EPSS
0.1%