rpm package
opensuse/squid&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/squid&distro=openSUSE%20Tumbleweed
Vulnerabilities (64)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5400 | — | < 3.5.22-1.1 | 3.5.22-1.1 | Sep 28, 2015 | Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. | ||
| CVE-2014-7142 | — | < 3.5.22-1.1 | 3.5.22-1.1 | Nov 26, 2014 | The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. | ||
| CVE-2014-7141 | — | < 3.5.22-1.1 | 3.5.22-1.1 | Nov 26, 2014 | The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet. | ||
| CVE-2012-5643 | — | < 3.5.22-1.1 | 3.5.22-1.1 | Dec 20, 2012 | Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or |
- CVE-2015-5400Sep 28, 2015affected < 3.5.22-1.1fixed 3.5.22-1.1
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
- CVE-2014-7142Nov 26, 2014affected < 3.5.22-1.1fixed 3.5.22-1.1
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
- CVE-2014-7141Nov 26, 2014affected < 3.5.22-1.1fixed 3.5.22-1.1
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
- CVE-2012-5643Dec 20, 2012affected < 3.5.22-1.1fixed 3.5.22-1.1
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or
Page 4 of 4