CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
AI Score
Confidence
Low
software: squid 5.9
WASP: ROSA-CHROME
package_evr_string: squid-5.9-2
CVE-ID: CVE-2023-46724
BDU-ID: 2023-07699
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Squid proxy server is related to errors in SSL/TLS certificate validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update squid
CVE-ID: CVE-2023-46728
BDU-ID: 2024-01221
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Squid proxy server is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update squid
CVE-ID: CVE-2023-46847
BDU-ID: 2023-07920
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the HTTP Digest Authentication handler of the Squid proxy server is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service or other impact
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update squid
CVE-ID: CVE-2023-5824
BDU-ID: 2023-08061
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Squid proxy server related to restrictions applied to validate HTTP response headers before caching. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update squid
CVE-ID: CVE-2023-46848
BDU-ID: 2023-08062
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Squid proxy server related to sending ftp URLs in HTTP request messages or creating ftp URLs from FTP Native input. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update squid
CVE-ID: CVE-2023-46846
BDU-ID: 2023-08063
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the chunked decoder of the Squid proxy server related to the server’s interpretation of fragmented encoding syntax. Exploitation of the vulnerability could allow an attacker acting remotely to communicate directly with the server
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update squid