rpm package
suse/squid3&distro=SUSE Linux Enterprise Server 11 SP4
pkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-9749 | — | | | < 3.1.23-8.16.36.1 | 3.1.23-8.16.36.1 | Nov 6, 2015 | Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability." |
| CVE-2015-5400 | — | | | < 3.1.23-8.16.30.1 | 3.1.23-8.16.30.1 | Sep 28, 2015 | Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. |
| CVE-2014-7142 | — | | | < 3.1.23-8.16.30.1 | 3.1.23-8.16.30.1 | Nov 26, 2014 | The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. |
| CVE-2014-7141 | — | | | < 3.1.23-8.16.30.1 | 3.1.23-8.16.30.1 | Nov 26, 2014 | The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet. |
| CVE-2014-6270 | — | | | < 3.1.23-8.16.30.1 | 3.1.23-8.16.30.1 | Sep 12, 2014 | Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer |
| CVE-2014-0128 | — | | | < 3.1.23-8.16.30.1 | 3.1.23-8.16.30.1 | Apr 14, 2014 | Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management. |
| CVE-2013-4115 | — | | | < 3.1.23-8.16.30.1 | 3.1.23-8.16.30.1 | Aug 9, 2013 | Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request. |
| CVE-2012-5643 | — | | | < 3.1.23-8.16.30.1 | 3.1.23-8.16.30.1 | Dec 20, 2012 | Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or |
| CVE-2011-4096 | — | | | < 3.1.23-8.16.30.1 | 3.1.23-8.16.30.1 | Nov 17, 2011 | The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. |
| CVE-2011-3205 | — | | | < 3.1.23-8.16.30.1 | 3.1.23-8.16.30.1 | Sep 6, 2011 | Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unsp |