Page 14 of 74 results (0.014 seconds)

CVSS: 5.0EPSS: 5%CPEs: 63EXPL: 0

CVE-2013-0189

https://notcve.org/view.php?id=CVE-2013-0189

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison. cachemgr.cgi en Squid v3.1.x, v3.2.x y posiblemente, v3.1.22, v3.2.4 y otras versiones, permite a atacantes remotos provocar una denegación de servicio (consumo de recursos) a través de una solicitud hecha a mano. NOTA: este problema se debe a una solución incorrecta para CVE-2012-5643, posiblemente con un orden incorrecto de argumentos o de comparación incorrecta. • http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743 http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744 http://lists.fedoraproject.org/pipermail/scm-commits/2013-January/934637.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html http://sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 96%CPEs: 102EXPL: 0

CVE-2012-5643 – squid: cachemgr.cgi memory usage DoS and memory leaks

https://notcve.org/view.php?id=CVE-2012-5643

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. Varias fugas de memoria en tools/cachemgr.cc en cachemgr.cgi en Squid v2.x y v3.x antes de v3.1.22, v3.2.x antes de v3.2.4 y v3.3.x antes de v3.3.0.2 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de (1) cabeceras Content-Length no válidas, (2) largas peticiones POST, o (3) credenciales de autenticación manipuladas. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html http://openwall.com/lists/oss-security/2012/12/17/4 http://rhn.redhat.com/errata& • CWE-20: Improper Input Validation CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.0EPSS: 93%CPEs: 87EXPL: 0

CVE-2011-4096 – squid: Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record

https://notcve.org/view.php?id=CVE-2011-4096

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. La función idnsGrokReply en Squid anterior a v3.1.16 no adecuada de memoria libre, permite a atacantes remotos provocar una denegación de servicio (daemon abortar) a través de una respuesta DNS que contiene un registro CNAME que hace referencia a otro registro CNAME y este contiene un registro vacío. • http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://secunia.com/advisories/46609 http://secunia.com/advisories/47459 http://www.mandriva.com/security/advisories?name=MDVSA-2011:193 http://www.openwall.com/lists/oss-security/2011/10/31/5 http://www.openwall.com/lists/oss-security/2011/11/01/3 http://www.redhat.com& • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 94%CPEs: 71EXPL: 0

CVE-2011-3205 – squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)

https://notcve.org/view.php?id=CVE-2011-3205

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. Desbordamiento de búfer en la v3.0 anterior a v3.0.STABLE26, v3.1 anterior a v3.1.15, y v3.2 anterior a v3.2.0.11 permite a servidores remotos Gopher provocar una denegación de servicio (corrupción de memoria y reinicio del demonio) o posiblemente tener un impacto no especificado a través de una respuesta demasiado larga. NOTA: Este problema existe debido a una regresión de CVE-2005-0094. • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://openwall.com/lists/oss-security/2011/08/29/2 http://openwall.com/lists/oss-security/2011/08/30/4 http: •

CVSS: 5.0EPSS: 95%CPEs: 55EXPL: 0

CVE-2010-3072 – Squid: Denial of service due internal error in string handling (SQUID-2010:3)

https://notcve.org/view.php?id=CVE-2010-3072

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. Las funciones de comparación de cadenas en String.cci en Squid v3.x anteriores a v3.1.8 y v3.2.x anteriores a v3.2.0.2 permite a atacantes remotos provocar una denegación de servicio (desreferenciación a puntero nulo y caída del demonio) a través de una petición manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/41298 http://secunia.com/advisories/41477 http://secunia.com/advisories/41534 http://www.debian.org/security/2010/dsa-2111 http://www.openwall.com/lists/oss-security/2010/09/05/2 http://www.openwall.com/lists/oss-se •