541 matches found
Fedora: Security Advisory for squid (FEDORA-2023-df4923cddc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Denial Of Service (DoS)
libsquid.so is vulnerable to Denial of Service DoS. An attacker is able to exploit this vulnerability by sending a specially crafted Gopher request to a vulnerable Squid server. The request would cause the Squid server to allocate a large amount of memory, which would eventually exhaust the...
The vulnerability of the Gopher network protocol implementation in Squid proxy servers allows attackers to induce service failures.
The vulnerability of the Gopher network protocol implementation in Squid proxy servers is related to pointer dereferencing errors. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Squid DoS Vulnerability (GHSA-cg5h-v6vc-w33f, SQUID-2021:8)
Squid is prone to a denial of service DoS vulnerability in the Gopher gateway. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Amazon Linux 2 : squid (ALASSQUID4-2023-003)
The version of squid installed on the remote host is prior to 4.15-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2SQUID4-2023-003 advisory. In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occ...
PT-2023-8580 · Squid +10 · Squid +11
Name of the Vulnerable Software and Affected Versions: Squid versions prior to 6.0.1 Description: The issue is related to a NULL pointer dereference bug in Squid's Gopher gateway, making it vulnerable to a Denial of Service attack. The gopher protocol is always available and enabled in Squid prio...
Important: squid
Issue Overview: In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. CVE-2021-46784 Affected Packages: squid Note: This advisory is applicable to Amazon Linux 2 - Squid4...
Squid DoS Vulnerability (GHSA-jm7h-w5q5-jpq9, SQUID-2020:13)
Squid is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid";...
Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks
The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022. Symantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is "going to great lengths to...
PT-2023-6221 · Squid · Squid
Name of the Vulnerable Software and Affected Versions: Squid affected versions not specified Description: The issue is related to the implementation of the Gopher proxy server protocol in Squid, which is associated with pointer dereference errors. Exploitation of this issue could allow a remote...
SUSE CVE-2005-0094
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service crash via crafted responses...
SUSE CVE-2010-3177
Multiple cross-site scripting XSS vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a 1 file or 2 directory on a Gopher server...
SUSE CVE-2011-3205
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service memory corruption and daemon restart or possibly have unspecified other impac...
SUSE CVE-2021-46784
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses...
SUSE CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
Important: squid
Issue Overview: In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. CVE-2021-46784 A flaw was found in Squid. An incorrect integer overflow protection in the Squid SSPI an...
sqldump SQL注入漏洞
sqldump is a Gopher Gala open source widget for database management. SQL injection vulnerability exists in sqldump , the vulnerability stems from unknown code effects , the operation leads to SQL injection...
curl: HTTP proxy double-free
A vulnerability was found in curl. The issue occurs if curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL. It sets up the connection to the remote server by issuing a CONNECT request to the proxy and then tunnels the rest of the protocol through. An HTTP proxy might refuse this...
ALPINE-CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
AZL-11368 CVE-2022-42915 affecting package curl for versions less than 7.86.0-1
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...