Filtered by vendor Squid-cache
Subscribe
Total
99 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4054 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. | |||||
CVE-2016-4051 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. | |||||
CVE-2015-5400 | 3 Debian, Fedoraproject, Squid-cache | 3 Debian Linux, Fedora, Squid | 2024-02-28 | 6.8 MEDIUM | N/A |
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. | |||||
CVE-2016-2569 | 1 Squid-cache | 1 Squid | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. | |||||
CVE-2016-4052 | 2 Canonical, Squid-cache | 2 Ubuntu Linux, Squid | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses. | |||||
CVE-2016-2390 | 1 Squid-cache | 1 Squid | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message. | |||||
CVE-2016-2570 | 1 Squid-cache | 1 Squid | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. | |||||
CVE-2015-3455 | 3 Fedoraproject, Oracle, Squid-cache | 4 Fedora, Linux, Solaris and 1 more | 2024-02-28 | 2.6 LOW | N/A |
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. | |||||
CVE-2016-4053 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. | |||||
CVE-2016-2572 | 1 Squid-cache | 1 Squid | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | |||||
CVE-2016-4554 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. | |||||
CVE-2016-3947 | 2 Canonical, Squid-cache | 2 Ubuntu Linux, Squid | 2024-02-28 | 7.5 HIGH | 8.2 HIGH |
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. | |||||
CVE-2016-4555 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. | |||||
CVE-2016-4553 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. | |||||
CVE-2016-2571 | 1 Squid-cache | 1 Squid | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | |||||
CVE-2014-9749 | 2 Opensuse, Squid-cache | 2 Opensuse, Squid | 2024-02-28 | 4.0 MEDIUM | N/A |
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability." | |||||
CVE-2016-3948 | 1 Squid-cache | 1 Squid | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. | |||||
CVE-2016-4556 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. | |||||
CVE-2015-0881 | 1 Squid-cache | 1 Squid | 2024-02-28 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. | |||||
CVE-2014-7142 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Solaris, Squid | 2024-02-28 | 6.4 MEDIUM | N/A |
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. |