CVSS: 7.5EPSS: 69%CPEs: 143EXPL: 0CVE-2016-2570 – squid: some code paths fail to check bounds in string object
https://notcve.org/view.php?id=CVE-2016-2570
27 Feb 2016 — The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. El analizador de Edge Side Includes (ESI) en Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 no comprueba los limites del buffer durante el análisis gramatical XML, ... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 95%CPEs: 143EXPL: 1CVE-2016-2569 – squid: some code paths fail to check bounds in string object
https://notcve.org/view.php?id=CVE-2016-2569
27 Feb 2016 — Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 no añade datos a objetos String adecuadamente, lo que permite a servidores remotos provocar una denegación de servicio (error de aserción y salida de demonio) a través de una cad... • https://github.com/amit-raut/CVE-2016-2569 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 62%CPEs: 143EXPL: 0CVE-2016-2571 – squid: wrong error handling for malformed HTTP responses
https://notcve.org/view.php?id=CVE-2016-2571
27 Feb 2016 — http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. http.cc en Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 procede con el almacenamiento de ciertos datos después de un fallo de respuesta de análisis, lo que permite a servidores HTTP remotos provocar una denegación de ser... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 9.1EPSS: 2%CPEs: 4EXPL: 4CVE-2015-5400 – Debian Security Advisory 3327-1
https://notcve.org/view.php?id=CVE-2015-5400
04 Aug 2015 — Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. Vulnerabilidad en Squid en versiones anteriores a 3.5.6, no maneja adecuadamente las respuestas de pares del método CONNECT cuando se configura con cache_peer, lo que permite a atacantes remotos eludir las restricciones previstas y obtener acceso a un proxy backend a través de una sol... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 1%CPEs: 73EXPL: 0CVE-2015-3455 – squid: incorrect X509 server certificate validation (SQUID-2015:1)
https://notcve.org/view.php?id=CVE-2015-3455
06 May 2015 — Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. Squid 3.2.x en versiones anteriores a 3.2.14, 3.3.x en versiones anteriores a 3.3.14, 3.4.x en versiones anteriores a 3.4.13 y 3.5.x en versiones anteriores a 3.5.4, cuando el primer cliente está configurado me... • http://advisories.mageia.org/MGASA-2015-0191.html • CWE-20: Improper Input Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 7.5EPSS: 7%CPEs: 83EXPL: 0CVE-2014-7142 – Gentoo Linux Security Advisory 201411-11
https://notcve.org/view.php?id=CVE-2014-7142
26 Nov 2014 — The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. El módulo pinger en Squid 3.x anterior a 3.4.8 permite a atacantes remotos obtener información sensible o causar una denegación de servicio (caída) a través de un tamaño de paquete (1) ICMP o (2) ICMP6 manipulado. Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing cert... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 90%CPEs: 80EXPL: 0CVE-2014-7141 – Gentoo Linux Security Advisory 201411-11
https://notcve.org/view.php?id=CVE-2014-7141
26 Nov 2014 — The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet. El módulo pinger en Squid 3.x anterior a 3.4.8 permite a atacantes remotos obtener información sensible o causar una denegación de servicio (lectura fuera de rango y caída) a través de un tipo manipulado en un paquete (1) ICMP o (2) ICMP6. Due to incorrect state management, Squid before 3.3.12 is vulner... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-19: Data Processing Errors •
CVSS: 7.5EPSS: 11%CPEs: 181EXPL: 0CVE-2014-6270 – Gentoo Linux Security Advisory 201607-01
https://notcve.org/view.php?id=CVE-2014-6270
12 Sep 2014 — Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow. Error de superación de límite (off-by-one) en la función snmpHandleUdp en snmp_core.cc en Squid 2.x y 3.x, cuando un puerto SNMP está configurado, permite a atacantes remotos causar una denegación de servicio (caída) o po... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 94%CPEs: 88EXPL: 0CVE-2014-3609 – squid: assertion failure in Range header processing (SQUID-2014:2)
https://notcve.org/view.php?id=CVE-2014-3609
28 Aug 2014 — HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values." HttpHdrRange.cc en Squid 3.x anterior a 3.3.12 y 3.4.x anterior a 3.4.6 permite a atacantes remotos causar una denegación de servicio (caída) a través de una solicitud con ' cabeceras de rango con valores de rango de bytes no identificables' manipuladas. A flaw was found in the way Squid handled malfor... • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 18%CPEs: 87EXPL: 0CVE-2014-0128 – squid: denial of service when using SSL-Bump
https://notcve.org/view.php?id=CVE-2014-0128
14 Apr 2014 — Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management. Squid 3.1 anterior a 3.3.12 y 3.4 anterior a 3.4.4, cuando SSL-Bump está habilitado, permite a atacantes remotos causar una denegación de servicio (fallo de aserción) a través de una solicitud de rango manipulada, relacionado con gestión de estado. Due to incorrect state management, Squid before 3.3.12 is vu... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation •