rpm package
suse/squid&distro=SUSE Manager Retail Branch Server 4.0
pkg:rpm/suse/squid&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-31806 | — | < 4.15-5.26.1 | 4.15-5.26.1 | May 27, 2021 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. | ||
| CVE-2021-28662 | — | < 4.15-5.26.1 | 4.15-5.26.1 | May 27, 2021 | An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic. | ||
| CVE-2021-28652 | — | < 4.15-5.26.1 | 4.15-5.26.1 | May 27, 2021 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unsp | ||
| CVE-2021-28651 | — | < 4.15-5.26.1 | 4.15-5.26.1 | May 27, 2021 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can | ||
| CVE-2020-25097 | — | < 4.15-5.26.1 | 4.15-5.26.1 | Mar 19, 2021 | An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configurati |
- CVE-2021-31806May 27, 2021affected < 4.15-5.26.1fixed 4.15-5.26.1
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
- CVE-2021-28662May 27, 2021affected < 4.15-5.26.1fixed 4.15-5.26.1
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.
- CVE-2021-28652May 27, 2021affected < 4.15-5.26.1fixed 4.15-5.26.1
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unsp
- CVE-2021-28651May 27, 2021affected < 4.15-5.26.1fixed 4.15-5.26.1
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can
- CVE-2020-25097Mar 19, 2021affected < 4.15-5.26.1fixed 4.15-5.26.1
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configurati