golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...

Cross site request forgery (csrf)

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cachepeer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request...

Squid CONNECT Method Peer Response Processing Security Control Bypass Vulnerability

Squid cache or Squid for short is a popular free software GNU General Public License proxy server and web caching server. Squid cache fails to properly handle CONNECT method peer-to-peer replies, allowing remote attackers to access backend proxies by exploiting security controls that bypass the...