10 matches found
MiracleLinux 7 : squid-3.5.20-15.el7 (AXSA:2020-4563:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4563:01 advisory. squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service CVE-2018-1000024 squid: Incorrect pointer handling in...
SUSE CVE-2016-4051
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data...
CVE-2019-18860
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host aka hostname parameter to cachemgr.cgi...
USN-4059-1 squid, squid3 vulnerabilities
It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-19132 It was discovered that Squid incorrect...
Remote Code Execution (RCE)
squid is vulnerable to remote code execution. It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the mungeotherline function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemg...
Fedora 17 : squid-3.2.5-2.fc17 (2013-1625)
This is security update that fixes multiple memory leaks in cachemgr tool. CVE-2013-0189 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
DEBIAN-CVE-2012-5643
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service memory consumption via 1 invalid Content-Length headers, 2 long POST requests, or 3 crafted authenticatio...
Mandriva Linux Security Advisory : squid (MDVSA-2011:193)
A vulnerability has been discovered and corrected in squid : The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service daemon abort via a DNS reply containing a CNAME record that references another CNAME record that...
Mandriva Linux Security Advisory : squid (MDVSA-2010:033)
A vulnerability have been discovered and corrected in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15, which allows remote attackers to cause a denial of service assertion failure via a crafted DNS packet that only contains a header CVE-2010-0308. This update provides a fix to this...
Mandriva Linux Security Advisory : squid (MDVSA-2008:002)
The cache update reply processing functionality in Squid 2.x before 2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial of service crash via unknown vectors related to HTTP headers. The updated package fixes this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...