Log

CVE-2021-31808 edited at 20 May 2021 18:30:03
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Due to an incorrect input validation bug Squid before version 4.15 is vulnerable to a denial of service attack against all clients using the proxy by a trusted client making HTTP Range requests.
References
+ https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
+ http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
CVE-2021-31807 edited at 20 May 2021 18:29:59
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Due to an incorrect input validation bug Squid before version 4.15 is vulnerable to a denial of service attack against all clients using the proxy by a trusted client making HTTP Range requests.
References
+ https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
+ http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
AVG-1975 edited at 20 May 2021 18:29:55
Severity
- Unknown
+ High
CVE-2021-31806 edited at 20 May 2021 18:29:55
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Due to an incorrect input validation bug Squid before version 4.15 is vulnerable to a denial of service attack against all clients using the proxy by a trusted client making HTTP Range requests.
References
+ https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
+ http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
Notes
AVG-1975 created at 20 May 2021 18:26:45
Packages
+ squid
Issues
+ CVE-2021-31806
+ CVE-2021-31807
+ CVE-2021-31808
Status
+ Fixed
Severity
+ Unknown
Affected
+ 4.14-1
Fixed
+ 4.15-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2021-31807 created at 20 May 2021 18:26:45
AVG-1975 created at 20 May 2021 18:26:45
Packages
+ squid
Issues
+ CVE-2021-31806
+ CVE-2021-31807
+ CVE-2021-31808
Status
+ Fixed
Severity
+ Unknown
Affected
+ 4.14-1
Fixed
+ 4.15-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2021-31806 created at 20 May 2021 18:26:45
AVG-1975 created at 20 May 2021 18:26:45
Packages
+ squid
Issues
+ CVE-2021-31806
+ CVE-2021-31807
+ CVE-2021-31808
Status
+ Fixed
Severity
+ Unknown
Affected
+ 4.14-1
Fixed
+ 4.15-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2021-31808 created at 20 May 2021 18:26:45
AVG-1974 edited at 20 May 2021 18:23:30
Severity
- Unknown
+ Low
CVE-2021-33194 edited at 20 May 2021 18:23:30
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Version v0.0.0-20210520170846-37e1c6afe023 of golang.org/x/net fixes a vulnerability in the golang.org/x/net/html package which could cause a denial of service. An attacker can craft an input to ParseFragment that would cause it to enter an infinite loop and never return.
References
+ https://groups.google.com/g/golang-announce/c/wPunbCPkWUg/m/ifcDT_DbCwAJ
+ https://github.com/golang/go/issues/46288
+ https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7
Notes
AVG-1974 created at 20 May 2021 18:21:57
Packages
+ golang-golang-x-net
Issues
+ CVE-2021-33194
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 0.0.20191210-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-33194 created at 20 May 2021 18:21:57
ASA-202105-15 edited at 20 May 2021 18:09:30
ASA-202105-14 edited at 20 May 2021 18:09:25