Page 23 of 5554 results (0.009 seconds)

CVSS: 8.6EPSS: 3%CPEs: 21EXPL: 0

CVE-2023-46847 – Squid: denial of service in http digest authentication

https://notcve.org/view.php?id=CVE-2023-46847

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Squid es vulnerable a una Denegación de Servicio, donde un atacante remoto puede realizar un ataque de desbordamiento de búfer escribiendo hasta 2 MB de datos arbitrarios en la memoria acumulada cuando Squid está configurado para aceptar la autenticación implícita HTTP. • https://access.redhat.com/errata/RHSA-2023:6266 https://access.redhat.com/errata/RHSA-2023:6267 https://access.redhat.com/errata/RHSA-2023:6268 https://access.redhat.com/errata/RHSA-2023:6748 https://access.redhat.com/errata/RHSA-2023:6801 https://access.redhat.com/errata/RHSA-2023:6803 https://access.redhat.com/errata/RHSA-2023:6804 https://access.redhat.com/errata/RHSA-2023:6805 https://access.redhat.com/errata/RHSA-2023:6810 https://access.redhat.com/errata/RHSA • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.6EPSS: 1%CPEs: 5EXPL: 0

CVE-2023-46848 – Squid: denial of service in ftp

https://notcve.org/view.php?id=CVE-2023-46848

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. Squid es vulnerable a la Denegación de Servicio, donde un atacante remoto puede realizar DoS enviando URL ftp:// en mensajes de solicitud HTTP o construyendo URL ftp:// a partir de una entrada nativa FTP. • https://access.redhat.com/errata/RHSA-2023:6266 https://access.redhat.com/errata/RHSA-2023:6268 https://access.redhat.com/errata/RHSA-2023:6748 https://access.redhat.com/security/cve/CVE-2023-46848 https://bugzilla.redhat.com/show_bug.cgi?id=2245919 https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w https://security.netapp.com/advisory/ntap-20231214-0005 • CWE-681: Incorrect Conversion between Numeric Types •

CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0

CVE-2023-5824 – Squid: dos against http and https

https://notcve.org/view.php?id=CVE-2023-5824

Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. Squid es vulnerable a ataques de Denegación de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales. A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service. • https://access.redhat.com/errata/RHSA-2023:7465 https://access.redhat.com/errata/RHSA-2023:7668 https://access.redhat.com/errata/RHSA-2024:0072 https://access.redhat.com/errata/RHSA-2024:0397 https://access.redhat.com/errata/RHSA-2024:0771 https://access.redhat.com/errata/RHSA-2024:0772 https://access.redhat.com/errata/RHSA-2024:0773 https://access.redhat.com/errata/RHSA-2024:1153 https://access.redhat.com/security/cve/CVE-2023-5824 https://bugzilla.redhat.com/show • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 9.3EPSS: 1%CPEs: 19EXPL: 0

CVE-2023-46846 – Squid: request/response smuggling in http/1.1 and icap

https://notcve.org/view.php?id=CVE-2023-46846

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. SQUID es vulnerable al contrabando de solicitudes HTTP, causado por la indulgencia de los decodificadores fragmentados, lo que permite a un atacante remoto realizar el contrabando de solicitudes/respuestas a través del firewall y los sistemas de seguridad frontales. • https://access.redhat.com/errata/RHSA-2023:6266 https://access.redhat.com/errata/RHSA-2023:6267 https://access.redhat.com/errata/RHSA-2023:6268 https://access.redhat.com/errata/RHSA-2023:6748 https://access.redhat.com/errata/RHSA-2023:6801 https://access.redhat.com/errata/RHSA-2023:6803 https://access.redhat.com/errata/RHSA-2023:6804 https://access.redhat.com/errata/RHSA-2023:6810 https://access.redhat.com/errata/RHSA-2023:7213 https://access.redhat.com/security/cve&# • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-31026

https://notcve.org/view.php?id=CVE-2023-31026

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service. NVIDIA vGPU Software para Windows y Linux contiene una vulnerabilidad en Virtual GPU Manager (plugin vGPU), donde una desreferencia de puntero NULL puede provocar una denegación de servicio. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-476: NULL Pointer Dereference •