Vulnerabilities > Squid Cache > Squid > 3.5.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-19 | CVE-2016-2390 | Improper Input Validation vulnerability in Squid-Cache Squid The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message. | 5.9 |
| 2016-04-07 | CVE-2016-3948 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Squid-Cache Squid Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. | 7.5 |
| 2016-04-07 | CVE-2016-3947 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. | 8.2 |