Design/Logic Flaw
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...
Design/Logic Flaw
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...
CVE-2020-15811
CVE-2020-15811 affects Squid before 4.13 and 5.x before 5.0.4, allowing HTTP Request Splitting that can poison caches by mishandling Transfer-Encoding. The issue is confirmed in vendor advisories (ALAS2SQUID4-2023-006; ALAS-2020-1453; ALAS2-2020-1548) which recommend updating Squid to fixed build...
CVE-2020-15811
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...
CVE-2020-15811
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...
CVE-2020-15811
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...
CVE-2020-15810
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...
CVE-2020-15810
CVE-2020-15810 affects Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling may succeed against HTTP/HTTPS traffic, leading to cache poisoning and the ability for arbitrary content to be served from upstream caches. When relaxed header parsing is enable...
CVE-2020-15810
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...
CVE-2020-15810
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...
Security Bulletin: Code injection vulnerability in IBM Spectrum Protect Operations Center (CVE-2020-4693)
Summary: Due to improper validation of data prior to export, IBM Spectrum Protect Operations Center may allow an attacker to execute arbitrary code on the system. Vulnerability Details: CVEID: CVE-2020-4693. DESCRIPTION: IBM Spectrum Protect may allow an attacker to execute arbitrary code on the...
Deserialization of untrusted data
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper...
Rust Cross-Site Scripting Vulnerability
Rust is a general-purpose, compiled programming language. A cross-site scripting vulnerability exists in versions prior to rgb crate 0.8.20, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to read and write data i...
CVE-2020-6571
Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...
Microsoft Windows hevcdecoder_store MKV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of M...
CVE-2020-17404
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-17394
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...
IBM Sterling Connect:Direct for UNIX Stack Buffer Overflow Vulnerability
IBM Sterling Connect:Direct is a file-based peer-to-peer file transfer solution from IBM in the United States. A security vulnerability exists in IBM Sterling Connect:Direct for Unix-based platforms. The vulnerability arises from a networked system or product performing operations in memory...
CVE-2020-15810
A flaw was found in Squid. Due to incorrect data validation, an HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible, leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation: Disable the relaxed HTTP parser in...
CVE-2020-15810
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...