Lucene search

22 matches found

EUVD
added 2026/05/22 1:22 p.m., 4 views

EUVD-2026-31440

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

CVSS 9.2 | AI score 5.9 | EPSS 0.00068
Exploits 0 | References 4

CVE
added 2026/05/15 6:38 p.m., 11 views

CVE-2026-8686

CVE-2026-8686 affects coreMQTT’s MQTT v5.0 property parser. The vulnerability is due to missing bounds validation in the parser prior to version 5.0.1, which may allow an MQTT broker to trigger a denial-of-service by sending a crafted packet. Affected component: coreMQTT (MQTT v5.0 property parsi...

CVSS 9.1 | AI score 5.8 | EPSS 0.00028
Exploits 0 | References 3 | Affected Software 1

RedHat Linux
added 2026/03/26 1:47 p.m., 0 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CVSS 7.5 | AI score 5.9 | EPSS 0.00044
Exploits 0 | References 8

Tenable Nessus
added 2026/02/11 12:0 a.m., 4 views

FreeBSD : Gitlab -- vulnerabilities (9d9940e7-071c-11f1-93ca-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9d9940e7-071c-11f1-93ca-2cf05da270f3 advisory. Gitlab reports: Incomplete Validation issue in Web IDE impacts GitLab CE/EE Denial of Service...

CVSS 9.1 | AI score 6.1 | EPSS 0.00092
Exploits 0 | References 17

OSV
added 2025/09/04 10:48 a.m., 1 views

SUSE-SU-2025:03075-1 Security update for gimp

This update for gimp fixes the following issues: - CVE-2025-2760: lack of proper validation of user-supplied data in DDS parser can lead to integer overflow and remote code execution bsc1241690...

CVSS 7.8 | AI score 6.4 | EPSS 0.09491
Exploits 0 | References 3

CNNVD
added 2024/02/29 12:0 a.m., 1 views

OpenVPN Security Vulnerabilities

OpenVPN is a software package for creating encrypted tunnels for virtual private networks (VPNs) from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

CVSS 6.5 | AI score 6.4 | EPSS 0.00576
Exploits 0 | References 3

Positive Technologies
added 2023/04/21 12:0 a.m., 2 views

PT-2023-18387 · Unknown · Velociraptor

Name of the Vulnerable Software and Affected Versions: Velociraptor versions prior to 0.6.8 Description: The issue is caused by insufficient validation in the PE and OLE parsers, allowing an attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed,...

CVSS 5.3 | AI score 5.1 | EPSS 0.00169
Exploits 0 | References 3

Tenable Nessus
added 2023/02/23 12:0 a.m., 35 views

Amazon Linux AMI : squid (ALAS-2023-1687)

The version of squid installed on the remote host is prior to 3.5.20-17.44. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1687 advisory. An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of...

CVSS 7.5 | AI score 6.7 | EPSS 0.85178
Exploits 5 | References 16

Tenable Nessus
added 2023/02/22 12:0 a.m., 116 views

Amazon Linux 2 : squid (ALAS-2023-1950)

The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1950 advisory. An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of...

CVSS 7.5 | AI score 6.7 | EPSS 0.85178
Exploits 5 | References 16

SUSE CVE
added 2023/02/15 3:44 a.m., 1 views

SUSE CVE-2021-28652

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short que...

CVSS 6.8 | AI score 9.1 | EPSS 0.00642
Exploits 1 | References 8

OpenVAS
added 2022/02/24 12:0 a.m., 12 views

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2022-1190)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.9 | AI score 6.5 | EPSS 0.00642
Exploits 1 | References 2

Tenable Nessus
added 2021/09/27 12:0 a.m., 77 views

EulerOS 2.0 SP5 : squid (EulerOS-SA-2021-2519)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a...

CVSS 7.5 | AI score 6.7 | EPSS 0.85178
Exploits 5 | References 8

OSV
added 2021/06/26 11:2 a.m., 1 views

OESA-2021-1240 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service...

CVSS 7.5 | AI score 6.9 | EPSS 0.85178
Exploits 5 | References 7

Tenable Nessus
added 2021/06/15 12:0 a.m., 24 views

Debian DLA-2685-1 : squid3 security update

Several vulnerabilities were discovered in Squid, a proxy caching server. CVE-2021-28651 Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology tha...

CVSS 7.5 | AI score 6.8 | EPSS 0.85178
Exploits 5 | References 9

OpenVAS
added 2021/05/28 12:0 a.m., 13 views

Squid 1.0 < 4.14, 5.0 < 5.0.5 DoS Vulnerability (GHSA-m47m-9hvw-7447, SQUID-2021:3)

Squid is prone to a denial of service (DoS) vulnerability in the Cache Manager. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.9 | AI score 6.4 | EPSS 0.00642
Exploits 1 | References 6

OSV
added 2021/05/27 12:15 p.m., 1 views

ALPINE-CVE-2021-28652

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short que...

CVSS 4.9 | AI score 6.9 | EPSS 0.00642
Exploits 1 | References 1

OSV
added 2021/05/27 12:15 p.m., 1 views

DEBIAN-CVE-2021-28652

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short que...

CVSS 4.9 | AI score 6.5 | EPSS 0.00642
Exploits 1 | References 1

ATTACKERKB
added 2021/05/27 12:15 p.m., 0 views

CVE-2021-28652

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short que...

CVSS 4.9 | AI score 5.5 | EPSS 0.00642
Exploits 1 | References 11

RedhatCVE
added 2021/05/19 3:54 p.m., 56 views

CVE-2021-28652

A flaw was found in Squid. A parser validation bug could allow a trusted client with Cache Manager API access privileges to trigger memory leaks, potentially resulting in a denial of service against Squid. The highest threat from this vulnerability is to system availability. Mitigation To mitigat...

CVSS 6.8 | AI score 3.1 | EPSS 0.00642
Exploits 1 | References 4

Veracode
added 2021/05/15 12:52 a.m., 25 views

Denial Of Service (DoS)

squid is vulnerable to denial of service (DoS). The vulnerability exists through an improper parser validation, allowing a trusted client to cause memory leaks through the Cache Manager API...

CVSS 4.9 | AI score 4.3 | EPSS 0.00642
Exploits 1 | References 14 | Affected Software 8