Skip to main content
CVE-2016-2569 HIGH Act Now

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 70.3% and no vendor patch available.

Denial Of Service Squid
NVD
CVSS 3.0
7.5
EPSS
70.3%
CVE-2016-2571 HIGH Act Now

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.3% and no vendor patch available.

Denial Of Service Squid
NVD
CVSS 3.0
7.5
EPSS
14.3%
CVE-2015-7261 CRITICAL Act Now

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Authentication Bypass Iartist Lite Signage Station
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-2572 HIGH Act Now

http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.2% and no vendor patch available.

Denial Of Service Squid
NVD
CVSS 3.0
7.5
EPSS
11.2%
CVE-2015-6022 HIGH This Week

Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap RCE File Upload Signage Station
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-2570 HIGH This Week

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Squid
NVD
CVSS 3.0
7.5
EPSS
5.5%
CVE-2015-6036 HIGH This Week

QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Authentication Bypass Sinage Station
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-7262 HIGH This Week

QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Information Disclosure Iartist Lite Signage Station
NVD
CVSS 3.0
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy