Lucene search
K

168 matches found

prion
prion
added 2021/03/09 10:15 p.m.60 views

Information disclosure

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody...

4.3CVSS5.9AI score0.13005EPSS
Exploits0References8Affected Software3
ubuntucve
ubuntucve
added 2021/03/09 10:15 p.m.25 views

CVE-2021-28116

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody...

5.3CVSS6.9AI score0.13005EPSS
Exploits0References6
osv
osv
added 2021/03/09 10:15 p.m.1 views

UBUNTU-CVE-2021-28116

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody...

5.3CVSS6.9AI score0.13005EPSS
Exploits0References7
euvd
euvd
added 2021/03/09 9:44 p.m.4 views

EUVD-2021-14817

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody...

5.3CVSS5.9AI score0.13005EPSS
Exploits0References14
cvelist
cvelist
added 2021/03/09 9:44 p.m.29 views

CVE-2021-28116

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody...

3.7CVSS6.3AI score0.13005EPSS
Exploits0References8
cve
cve
added 2021/03/09 9:44 p.m.324 views

CVE-2021-28116

Squid 4.14 and 5.x up to 5.0.5 are affected by an information-disclosure issue due to an out-of-bounds read in WCCP protocol data, which can be chained to remote code execution as nobody. The connected advisories/entries indicate fixes in newer Squid releases (e.g., subsequent 4.15/5.0.6+ variant...

5.3CVSS5.8AI score0.13005EPSS
Exploits0References8Affected Software1
debiancve
debiancve
added 2021/03/09 9:44 p.m.30 views

CVE-2021-28116

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody...

5.3CVSS6.1AI score0.13005EPSS
Exploits0
alpinelinux
alpinelinux
added 2021/03/09 9:44 p.m.36 views

CVE-2021-28116

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody...

5.3CVSS6.1AI score0.13005EPSS
Exploits0
zdi
zdi
added 2021/02/09 12:0 a.m.31 views

(0Day) Squid Cache WCCP Protocol Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Squid Cache. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the WCCP protocol. The issue results from the lack of validating the existen...

5.6CVSS1.6AI score
Exploits0
zdi
zdi
added 2021/02/09 12:0 a.m.24 views

(0Day) Squid Cache WCCP Protocol Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Squid Cache. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the WCCP protocol. The issue results from the lack of proper...

3.7CVSS0.4AI score
Exploits0
nvd
nvd
added 2020/07/01 3:15 p.m.24 views

CVE-2020-5905

In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network WCCP page, the system does not sanitize all user-provided data before display...

6CVSS0.00681EPSS
Exploits0References2
osv
osv
added 2020/07/01 3:15 p.m.3 views

CVE-2020-5905

In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network WCCP page, the system does not sanitize all user-provided data before display...

4.3CVSS5.8AI score0.00681EPSS
Exploits0References2
prion
prion
added 2020/07/01 3:15 p.m.24 views

Code injection

In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network WCCP page, the system does not sanitize all user-provided data before display...

6CVSS5.6AI score0.00681EPSS
Exploits0References2Affected Software11
cvelist
cvelist
added 2020/07/01 2:40 p.m.28 views

CVE-2020-5905

In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network WCCP page, the system does not sanitize all user-provided data before display...

5.1AI score0.00681EPSS
Exploits0References2
nessus
nessus
added 2020/07/01 12:0 a.m.31 views

F5 Networks BIG-IP : TMUI vulnerability (K07051153)

In the BIG-IP Configuration utility Network WCCP page, the system does not sanitize all user-provided data before displaying the page.CVE-2020-5905 Impact Authenticated administrative users with access to this page in the Configuration utility may inject code onto the WCCP pages, resulting in a a...

6CVSS5.2AI score0.00681EPSS
Exploits0References2
mageia
mageia
added 2018/02/28 1:55 p.m.66 views

Updated wireshark packages fix security vulnerabilities

The SIGCOMP dissector could crash CVE-2018-7320. Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, and WCCP dissectors were susceptible...

7.5CVSS1.1AI score0.02938EPSS
Exploits19References22
openvas
openvas
added 2018/02/26 12:0 a.m.44 views

Wireshark Security Updates (wnpa-sec-2018-05 to wnpa-sec-2018-14) - Windows

Wireshark is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"; ifdescripti...

7.5CVSS8.6AI score0.02743EPSS
Exploits3References10
cnvd
cnvd
added 2018/02/24 12:0 a.m.5 views

Wireshark epan/dissectors/packet-wccp.c file denial of service vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in the epan/dissectors/packet-wccp.c file in Wireshark...

7.5CVSS6.7AI score0.02454EPSS
Exploits0References1
osv
osv
added 2018/02/23 10:29 p.m.1 views

DEBIAN-CVE-2018-7323

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing...

7.5CVSS6.8AI score0.02454EPSS
Exploits0References1
nvd
nvd
added 2018/02/23 10:29 p.m.18 views

CVE-2018-7323

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing...

7.5CVSS7.4AI score0.02454EPSS
Exploits0References7
Rows per page
Query Builder