86 matches found
SUSE-SU-2024:1131-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type parsing bsc1220239. - CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request header parsing bsc1220242. - CVE-2024-26146: Fixed a...
SUSE-SU-2024:0946-1 Security update for rubygem-rack-1_4
This update for rubygem-rack-14 fixes the following issues: - CVE-2024-25126: Fixed a Denial of Service Vulnerability in Rack Content-Type Parsing bsc1220239 - CVE-2024-26141: Fixed a Denial of Service Vulnerability in Range request header parsing bsc1220242 - CVE-2024-26146: Fixed a Denial of...
Amazon Linux 2 : squid (ALASSQUID4-2023-004)
The version of squid installed on the remote host is prior to 4.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2SQUID4-2023-004 advisory. Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an...
GHSA-VJ2M-9F5J-MPR5 Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware
Vapor is an HTTP web framework for Swift and middleware is a logic chain between the client and a Vapor route handler. FileMiddleware enables the serving of assets from the Public folder of a project to the client. Vapor before 4.60.3 is vulnerable to denial of service due to an integer overflow...
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware
Vapor is an HTTP web framework for Swift and middleware is a logic chain between the client and a Vapor route handler. FileMiddleware enables the serving of assets from the Public folder of a project to the client. Vapor before 4.60.3 is vulnerable to denial of service due to an integer overflow...
Amazon Linux AMI : squid (ALAS-2023-1687)
The version of squid installed on the remote host is prior to 3.5.20-17.44. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1687 advisory. An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of...
Amazon Linux 2 : squid (ALAS-2023-1950)
The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1950 advisory. An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of...
SUSE CVE-2013-1736
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via...
SUSE CVE-2014-0128
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service assertion failure via a crafted range request, related to state management...
SUSE CVE-2021-31808
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack against all clients using the proxy. A client sends an HTTP Range request to trigger this...
CVE-2022-31005 Integer Overflow in Vapor's HTTP Range Request
Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a...
Oracle Linux 8 : squid:4 (ELSA-2021-4292)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4292 advisory. libecap squid 7:4.15-1 - new version 4.15 - Resolves: 1964384 - squid:4 rebase to 4.15 7:4.11-5 - Resolves: 1944261 - CVE-2020-25097 squid:4/squid:...
EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-2618)
According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving ...
EulerOS 2.0 SP5 : squid (EulerOS-SA-2021-2519)
According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a...
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2021-2433)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : squid (EulerOS-SA-2021-2433)
According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default...
EulerOS 2.0 SP8 : squid (EulerOS-SA-2021-2317)
According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack agains...
Debian DLA-2685-1 : squid3 security update
Several vulnerabilities were discovered in Squid, a proxy caching server. CVE-2021-28651 Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology tha...
CVE-2021-31807
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...
Ubuntu 18.04 LTS / 20.04 LTS : Squid vulnerabilities (USN-4981-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4981-1 advisory. Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cau...