Vulmon
cache poisoning vulnerabilities and exploits
6.5
CVSSv3
CVE-2020-15811
An issue exists in Squid prior to 4.13 and 5.x prior to 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security a...
Squid-cache Squid
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
Opensuse Leap 15.2
7.5
CVSSv3
CVE-2020-24606
Squid prior to 4.13 and 5.x prior to 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exi...
Squid-cache Squid
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
Opensuse Leap 15.2
7.3
CVSSv3
CVE-2020-8450
An issue exists in Squid prior to 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
Squid-cache Squid
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Opensuse Leap 15.1
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2019-12528
An issue exists in Squid prior to 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
Squid-cache Squid
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
7.8
CVSSv3
CVE-2019-0805
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841...
Microsoft Windows Rt 8.1 -
Microsoft Windows 8.1 -
Microsoft Windows 7 -
Microsoft Windows 10 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2016 -
Microsoft Windows Server 2016 1709
Microsoft Windows Server 2016 1803
Microsoft Windows 10 1809
Microsoft Windows Server 2012 -
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 -
Microsoft Windows 10 1607
Microsoft Windows 10 1709
Microsoft Windows Server 2012 R2
Microsoft Windows 10 1703
Microsoft Windows 10 1803
1 EDB exploit
1 Article
NA
CVE-2003-0914
ISC BIND 8.3.x prior to 8.3.7, and 8.4.x prior to 8.4.3, allows remote malicious users to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
Isc Bind 8.2.3
Isc Bind 8.3.2
Isc Bind 8.3.3
Nixu Namesurfer Suite 3.0.1
Isc Bind 8.2.4
Isc Bind 8.2.5
Isc Bind 8.3.4
Isc Bind 8.3.5
Isc Bind 8.3.0
Isc Bind 8.3.1
Isc Bind 8.4.1
Nixu Namesurfer Standard 3.0.1
Isc Bind 8.2.6
Isc Bind 8.2.7
Isc Bind 8.3.6
Isc Bind 8.4
Compaq Tru64 5.1
Compaq Tru64 5.1 Pk3 Bl17
Compaq Tru64 5.1a Pk3 Bl3
Compaq Tru64 5.1a Pk4 Bl21
Freebsd Freebsd 4.6
Freebsd Freebsd 4.6.2
6.1
CVSSv3
CVE-2019-18860
Squid prior to 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
Squid-cache Squid
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Opensuse Leap 15.1
5.9
CVSSv3
CVE-2019-12521
An issue exists in Squid up to and including 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for...
Squid-cache Squid
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
NA
CVE-2009-4022
Unspecified vulnerability in ISC BIND 9.0.x up to and including 9.3.x, 9.4 prior to 9.4.3-P4, 9.5 prior to 9.5.2-P1, 9.6 prior to 9.6.1-P2, and 9.7 beta prior to 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote malicious users to conduct DNS cache...
Isc Bind 9.7.0
Isc Bind 9.6.0
Isc Bind 9.5.1
Isc Bind 9.5.0
Isc Bind 9.4.3
Isc Bind 9.4.0
Isc Bind 9.3.5
Isc Bind 9.3.4
Isc Bind 9.3.1
Isc Bind 9.3.0
Isc Bind 9.2.7
Isc Bind 9.2.4
Isc Bind 9.2.3
Isc Bind 9.2.1
Isc Bind 9.2.0
Isc Bind 9.2
Isc Bind 9.1.1
Isc Bind 9.1.0
Isc Bind 9.1
Isc Bind 9.0.1
Isc Bind 9.0.0
Isc Bind 9.6.1
NA
CVE-2007-2926
ISC BIND 9 up to and including 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote malicious users to guess the next query id and perfor...
Isc Bind 9.3
Isc Bind 9.4
Isc Bind 9.5
Isc Bind 9.5.0
Isc Bind 9.0
Isc Bind 9.1
Isc Bind 9.2
1 EDB exploit