High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-05-10	CVE-2016-4556	Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. network low complexity squid-cache oracle canonical	7.5
2016-05-10	CVE-2016-4555	Improper Input Validation vulnerability in multiple products client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. network low complexity squid-cache canonical oracle CWE-20	7.5
2016-05-10	CVE-2016-4554	Insufficient Verification of Data Authenticity vulnerability in multiple products mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. network low complexity oracle squid-cache canonical CWE-345	8.6
2016-05-10	CVE-2016-4553	Insufficient Verification of Data Authenticity vulnerability in multiple products client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. network low complexity canonical squid-cache oracle CWE-345	8.6
2016-05-05	CVE-2016-2105	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. network low complexity redhat opensuse oracle apple openssl debian canonical nodejs CWE-190	7.5
2016-05-02	CVE-2016-2117	Information Exposure vulnerability in multiple products The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. network low complexity oracle canonical linux CWE-200	7.5
2016-04-27	CVE-2016-2143	Improper Input Validation vulnerability in multiple products The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. local low complexity linux debian redhat oracle CWE-20	7.8
2016-04-26	CVE-2016-3081	Command Injection vulnerability in multiple products Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. network high complexity apache oracle CWE-77	8.1
2016-04-25	CVE-2016-4054	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. network high complexity canonical squid-cache oracle CWE-119	8.1
2016-04-25	CVE-2016-4051	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. network low complexity canonical oracle squid-cache CWE-119	8.8