Page 18 of 93 results (0.011 seconds)

CVSS: 6.8EPSS: 94%CPEs: 71EXPL: 0

CVE-2011-3205 – squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)

https://notcve.org/view.php?id=CVE-2011-3205

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. Desbordamiento de búfer en la v3.0 anterior a v3.0.STABLE26, v3.1 anterior a v3.1.15, y v3.2 anterior a v3.2.0.11 permite a servidores remotos Gopher provocar una denegación de servicio (corrupción de memoria y reinicio del demonio) o posiblemente tener un impacto no especificado a través de una respuesta demasiado larga. NOTA: Este problema existe debido a una regresión de CVE-2005-0094. • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://openwall.com/lists/oss-security/2011/08/29/2 http://openwall.com/lists/oss-security/2011/08/30/4 http: •

CVSS: 5.0EPSS: 34%CPEs: 1EXPL: 0

CVE-2010-2951

https://notcve.org/view.php?id=CVE-2010-2951

dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set. dns_internal.cc en Squid 3.1.6, cuando la resolución DNS IPv6 no está habilitada, accede a un socket inválido durante una petición DNS TCP IPv4, lo que permite a atacantes remotos provocar una denegación de servicio (por falta de confirmación y salida del demonio) mediante vectores que disparan una respuesta DNS IPv4 con el bit TC configurado. • http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072 http://bugs.gentoo.org/show_bug.cgi?id=334263 http://bugs.squid-cache.org/show_bug.cgi?id=3009 http://bugs.squid-cache.org/show_bug.cgi?id=3021 http://marc.info/?l=squid-users&m=128263555724981&w=2 http://www.openwall.com/lists/oss-security/2010/08/24/6 http://www.openwall.com/lists/oss-security/2010/08/24/7 http://www.openwall.com/lists/oss-security/2010/08/25/2 http://www.o •

CVSS: 5.0EPSS: 95%CPEs: 55EXPL: 0

CVE-2010-3072 – Squid: Denial of service due internal error in string handling (SQUID-2010:3)

https://notcve.org/view.php?id=CVE-2010-3072

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. Las funciones de comparación de cadenas en String.cci en Squid v3.x anteriores a v3.1.8 y v3.2.x anteriores a v3.2.0.2 permite a atacantes remotos provocar una denegación de servicio (desreferenciación a puntero nulo y caída del demonio) a través de una petición manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/41298 http://secunia.com/advisories/41477 http://secunia.com/advisories/41534 http://www.debian.org/security/2010/dsa-2111 http://www.openwall.com/lists/oss-security/2010/09/05/2 http://www.openwall.com/lists/oss-se •

CVSS: 4.0EPSS: 13%CPEs: 46EXPL: 0

CVE-2010-0308 – squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)

https://notcve.org/view.php?id=CVE-2010-0308

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegación de servicio (fallo de aserción) a través de un paquete DNS manipulado que unicamente contiene una cabecera. • http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf http://osvdb.org/62044 http://secunia.com/advisories/38451 http://secunia.com/advisories/38455 http://www.securityfocus.com/bid/37522 http://www.securitytracker.com/id?1023520 http://www.squid-cache.org/Advisories/SQUID-2010_1.txt http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch http://www. • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 94%CPEs: 29EXPL: 0

CVE-2009-2622

https://notcve.org/view.php?id=CVE-2009-2622

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. Squid desde v3.0 hasta v3.0.STABLE16 y desde v3.1 hasta v3.1.0.11 permite a atacantes remotos producir una denegación de servicio a través de peticiones mal formadas que incluyen (1) "identificador de protocolo perdido o mal utilizado," (2) "valor de estatus perdido o negativo," (3) "versión perdida," o (4) "número de estatus perdido o inválido", relacionado con HttpMsg.cc y (b) HttpReply.cc. • http://secunia.com/advisories/36007 http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 http://www.securityfocus.com/bid/35812 http://www.securitytracker.com/id?1022607 http://www.squid-cache.org/Advisories/SQUID-2009_2.txt http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch http://www.vupen.com/english/advisories/2009/2013 • CWE-20: Improper Input Validation •