
122 matches found

Tenable Nessus
added 2025/05/07 12:0 a.m. | 8 views

RockyLinux 8 : squid:4 (RLSA-2024:1375)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1375 advisory. squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of service i...

CVSS 8.6 | AI score 7 | EPSS 0.88864
Exploits: 0 | References: 7

RedhatCVE
added 2025/02/05 10:20 p.m. | 13 views

CVE-2022-33223

Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding...

CVSS 7.5 | AI score 6.8 | EPSS 0.00383
Exploits: 0 | References: 1

OSV
added 2025/02/04 6:29 p.m. | 7 views

CLSA-2025-1738693764 squid: Fix of CVE-2024-25111

CVE-2024-25111: Fix uncontrolled recursion bug in HTTP Chunked decoder to prevent DoS attack...

CVSS 8.6 | AI score 5.8 | EPSS 0.65254
Exploits: 0 | References: 1

Amazon
added 2024/08/29 12:0 a.m. | 4 views

Important: docker

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVSS 10 | AI score 7 | EPSS 0.02983
Exploits: 0

NVD
added 2024/07/26 10:15 a.m. | 25 views

CVE-2024-35161

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...

CVSS 9.1 | EPSS 0.0097
Exploits: 0 | References: 2

UbuntuCve
added 2024/07/26 10:15 a.m. | 25 views

CVE-2024-35161

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...

CVSS 9.1 | AI score 7 | EPSS 0.0097
Exploits: 0 | References: 3

CVE
added 2024/07/26 9:10 a.m. | 94 views

CVE-2024-35161

CVE-2024-35161 affects Apache Traffic Server. Versions 8.0.0–8.1.10 and 9.0.0–9.2.4 forward malformed HTTP chunked trailer sections to origin servers, enabling potential request smuggling and, if the origin is vulnerable, cache poisoning. Debian and Tenable advisories confirm multiple vendors iss...

CVSS 9.1 | AI score 6.6 | EPSS 0.0097
Exploits: 0 | References: 2 | Affected Software: 1

Amazon
added 2024/05/28 12:0 a.m. | 4 views

Medium: amazon-ecr-credential-helper

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVSS 7.5 | AI score 6.7 | EPSS 0.91969
Exploits: 1

RedHat Linux
added 2024/05/13 1:42 a.m. | 33 views

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 8.6 | AI score 7.3 | EPSS 0.65254
Exploits: 0 | References: 2

Tenable Nessus
added 2024/05/13 12:0 a.m. | 31 views

RHEL 8 : squid:4 (RHSA-2024:2822)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2822 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: Denial of Service in HTTP...

CVSS 8.6 | AI score 7.8 | EPSS 0.65254
Exploits: 0 | References: 4

Tenable Nessus
added 2024/05/09 12:0 a.m. | 49 views

RHEL 8 : squid:4 (RHSA-2024:2777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2777 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: denial of...

CVSS 8.6 | AI score 7.1 | EPSS 0.88864
Exploits: 0 | References: 6

Tenable Nessus
added 2024/04/25 12:0 a.m. | 28 views

Fedora 38 : squid (2024-a414a81d47)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a414a81d47 advisory. - New squid 6.9 - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 8.6 | AI score 7.1 | EPSS 0.65254
Exploits: 1 | References: 3

Tenable Nessus
added 2024/04/25 12:0 a.m. | 33 views

Fedora 39 : squid (2024-bd8c6c6926)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bd8c6c6926 advisory. - New squid 6.9 - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 8.6 | AI score 7.1 | EPSS 0.65254
Exploits: 1 | References: 3

Ubuntu
added 2024/04/23 11:20 a.m. | 72 views

USN-6728-3: Squid vulnerability

USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and reinstated in this update. We apologize for the inconvenience...

CVSS 8.6 | AI score 6.5 | EPSS 0.88864
Exploits: 0 | References: 1

Tenable Nessus
added 2024/04/17 12:0 a.m. | 38 views

RHEL 9 : squid (RHSA-2024:1833)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1833 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Deni...

CVSS 8.6 | AI score 7.1 | EPSS 0.88864
Exploits: 0 | References: 6

Tenable Nessus
added 2024/04/17 12:0 a.m. | 37 views

RHEL 8 : squid:4 (RHSA-2024:1832)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1832 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Denial of...

CVSS 8.6 | AI score 7.1 | EPSS 0.88864
Exploits: 0 | References: 6

RedHat Linux
added 2024/04/16 10:45 a.m. | 39 views

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this...

CVSS 8.6 | AI score 6.8 | EPSS 0.88864
Exploits: 0 | References: 3

RedHat Linux
added 2024/04/16 10:45 a.m. | 4 views

squid: Denial of Service in HTTP Chunked Decoding

A flaw was found in Squid. This issue may allow a remote attacker to trigger an uncontrolled recursion bug when sending a specially crafted, chunked, encoded HTTP Message, resulting in a denial of service...

CVSS 8.6 | AI score 5.8 | EPSS 0.65254
Exploits: 0 | References: 6

Tenable Nessus
added 2024/04/10 12:0 a.m. | 61 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Squid vulnerabilities (USN-6728-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6728-1 advisory. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to caus...

CVSS 8.6 | AI score 6.8 | EPSS 0.88864
Exploits: 1 | References: 6

RedHat Linux
added 2024/04/08 9:13 a.m. | 4 views

nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks

A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...

CVSS 7.5 | AI score 7.1 | EPSS 0.03168
Exploits: 0 | References: 4