Lucene search
K

79 matches found

Prion
Prion
added 2018/02/09 11:29 p.m.26 views

Null pointer dereference

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via...

5CVSS7.4AI score0.13149EPSS
Exploits0References9Affected Software3
NVD
NVD
added 2018/02/09 11:29 p.m.22 views

CVE-2018-1000024

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server...

7.5CVSS7.5AI score0.08077EPSS
Exploits0References6
OSV
OSV
added 2018/02/09 11:29 p.m.27 views

CVE-2018-1000027

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via...

7.5CVSS7.8AI score
Exploits0References9
CVE
CVE
added 2018/02/09 11:0 p.m.323 views

CVE-2018-1000024

The CVE-2018-1000024 vulnerability affects Squid HTTP Caching Proxy (versions 3.0–3.5.27 and 4.0–4.0.22). It is caused by Incorrect Pointer Handling in ESI Response Processing, enabling a Denial of Service when a remote server delivers an HTTP response payload with valid but unusual ESI syntax. I...

7.5CVSS7.5AI score0.08077EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2018/02/09 11:0 p.m.25 views

CVE-2018-1000027

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via...

7.5AI score0.13149EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2018/02/09 11:0 p.m.33 views

CVE-2018-1000027

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via...

7.5CVSS7.8AI score0.13149EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2018/02/09 11:0 p.m.28 views

CVE-2018-1000024

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server...

7.5CVSS7.7AI score0.08077EPSS
Exploits0
OSV
OSV
added 2018/02/02 12:0 a.m.28 views

DLA-1267-1 squid - security update

Bulletin has no description...

7.5CVSS7.5AI score0.13149EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2018/01/29 3:20 p.m.52 views

CVE-2018-1000027

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via...

7.5CVSS1.7AI score0.13149EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/12 12:0 a.m.5 views

Squid Security Bypass Vulnerability (CNVD-2016-03061)

Squid full name Squid Cache is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security bypass vulnerability exists in the mimeheader.cc file in versions of Squid prior to...

8.6CVSS7.6AI score0.38893EPSS
Exploits0References1
OSV
OSV
added 2016/05/10 7:59 p.m.11 views

CVE-2016-4554

mimeheader.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue...

8.6CVSS8.4AI score
Exploits0References17
OSV
OSV
added 2016/04/25 2:59 p.m.10 views

CVE-2016-4052

Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes ESI responses...

8.1CVSS8.6AI score
Exploits0References17
OSV
OSV
added 2016/04/19 9:59 p.m.6 views

CVE-2016-2390

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service application crash via a plaintext HTTP message...

5.9CVSS8.3AI score
Exploits0References7
OSV
OSV
added 2016/04/07 6:59 p.m.8 views

CVE-2016-3948

Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers...

7.5CVSS7.4AI score
Exploits0References9
OSV
OSV
added 2016/02/27 5:59 a.m.7 views

CVE-2016-2571

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a malformed response...

7.5CVSS7.3AI score
Exploits0References13
OSV
OSV
added 2014/09/12 2:55 p.m.9 views

CVE-2014-6270

Off-by-one error in the snmpHandleUdp function in snmpcore.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow...

9AI score
Exploits0References14
OSV
OSV
added 2014/09/11 6:55 p.m.6 views

CVE-2014-3609

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service crash via a request with crafted "Range headers with unidentifiable byte-range values."...

6.2AI score
Exploits0References14
OSV
OSV
added 2010/02/15 6:30 p.m.1 views

DEBIAN-CVE-2010-0639

The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via crafted packets to the HTCP port...

5CVSS6.8AI score0.30558EPSS
Exploits1References1
OSV
OSV
added 2010/02/03 6:30 p.m.8 views

CVE-2010-0308

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service assertion failure via a crafted DNS packet that only contains a header...

6.2AI score
Exploits0References13
OSV
OSV
added 2010/02/03 6:30 p.m.1 views

DEBIAN-CVE-2010-0308

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service assertion failure via a crafted DNS packet that only contains a header...

4CVSS6.9AI score0.22858EPSS
Exploits0References1
Rows per page
Query Builder