{"url":"http://public2.vulnerablecode.io/api/packages/226804?format=json","purl":"pkg:deb/debian/squid3@3.0.STABLE8-3%2Blenny5","type":"deb","namespace":"debian","name":"squid3","version":"3.0.STABLE8-3+lenny5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101412?format=json","vulnerability_id":"VCID-2fq8-mupa-gfc9","summary":"Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4054.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4054.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4054","reference_id":"","reference_type":"","scores":[{"value":"0.79915","scoring_system":"epss","scoring_elements":"0.99128","published_at":"2026-06-04T12:55:00Z"},{"value":"0.79915","scoring_system":"epss","scoring_elements":"0.99129","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1329136","reference_id":"1329136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1329136"},{"reference_url":"https://security.gentoo.org/glsa/201607-01","reference_id":"GLSA-201607-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1138","reference_id":"RHSA-2016:1138","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1139","reference_id":"RHSA-2016:1139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1140","reference_id":"RHSA-2016:1140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1140"},{"reference_url":"https://usn.ubuntu.com/2995-1/","reference_id":"USN-2995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2995-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2016-4054"],"risk_score":0.3,"exploitability":"0.5","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fq8-mupa-gfc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101410?format=json","vulnerability_id":"VCID-2zct-5w44-gkag","summary":"Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4053.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4053.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4053","reference_id":"","reference_type":"","scores":[{"value":"0.16544","scoring_system":"epss","scoring_elements":"0.95028","published_at":"2026-06-04T12:55:00Z"},{"value":"0.16544","scoring_system":"epss","scoring_elements":"0.95037","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1329136","reference_id":"1329136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1329136"},{"reference_url":"https://security.gentoo.org/glsa/201607-01","reference_id":"GLSA-201607-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1138","reference_id":"RHSA-2016:1138","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1139","reference_id":"RHSA-2016:1139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1140","reference_id":"RHSA-2016:1140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1140"},{"reference_url":"https://usn.ubuntu.com/2995-1/","reference_id":"USN-2995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2995-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2016-4053"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zct-5w44-gkag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101409?format=json","vulnerability_id":"VCID-4238-kt68-byew","summary":"Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4052.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4052.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4052","reference_id":"","reference_type":"","scores":[{"value":"0.23622","scoring_system":"epss","scoring_elements":"0.96087","published_at":"2026-06-04T12:55:00Z"},{"value":"0.23622","scoring_system":"epss","scoring_elements":"0.96092","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1329136","reference_id":"1329136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1329136"},{"reference_url":"https://security.gentoo.org/glsa/201607-01","reference_id":"GLSA-201607-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1138","reference_id":"RHSA-2016:1138","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1139","reference_id":"RHSA-2016:1139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1140","reference_id":"RHSA-2016:1140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1140"},{"reference_url":"https://usn.ubuntu.com/2995-1/","reference_id":"USN-2995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2995-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2016-4052"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4238-kt68-byew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101400?format=json","vulnerability_id":"VCID-5f1a-x42j-eqhg","summary":"Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5400.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5400.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5400","reference_id":"","reference_type":"","scores":[{"value":"0.24696","scoring_system":"epss","scoring_elements":"0.96242","published_at":"2026-06-04T12:55:00Z"},{"value":"0.24696","scoring_system":"epss","scoring_elements":"0.96247","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5400"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1240741","reference_id":"1240741","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1240741"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/226808?format=json","purl":"pkg:deb/debian/squid3@3.1.20-2.2%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fq8-mupa-gfc9"},{"vulnerability":"VCID-2zct-5w44-gkag"},{"vulnerability":"VCID-4238-kt68-byew"},{"vulnerability":"VCID-5f1a-x42j-eqhg"},{"vulnerability":"VCID-c1s2-z4na-afbf"},{"vulnerability":"VCID-dzv1-2tmp-37hz"},{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-kqba-yqhn-hbav"},{"vulnerability":"VCID-n33d-b5uw-1yf2"},{"vulnerability":"VCID-pswa-8aa8-ukhw"},{"vulnerability":"VCID-qajc-u4gq-vfbf"},{"vulnerability":"VCID-tr27-d4mz-yydt"},{"vulnerability":"VCID-vtfj-m8fv-67fz"},{"vulnerability":"VCID-x6a1-9sht-uueb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.1.20-2.2%252Bdeb7u4"},{"url":"http://public2.vulnerablecode.io/api/packages/271852?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fq8-mupa-gfc9"},{"vulnerability":"VCID-2zct-5w44-gkag"},{"vulnerability":"VCID-4238-kt68-byew"},{"vulnerability":"VCID-c1s2-z4na-afbf"},{"vulnerability":"VCID-dzv1-2tmp-37hz"},{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-kqba-yqhn-hbav"},{"vulnerability":"VCID-n33d-b5uw-1yf2"},{"vulnerability":"VCID-pswa-8aa8-ukhw"},{"vulnerability":"VCID-qajc-u4gq-vfbf"},{"vulnerability":"VCID-tr27-d4mz-yydt"},{"vulnerability":"VCID-vtfj-m8fv-67fz"},{"vulnerability":"VCID-x6a1-9sht-uueb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u2~bpo70%252B1"}],"aliases":["CVE-2015-5400"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5f1a-x42j-eqhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101413?format=json","vulnerability_id":"VCID-c1s2-z4na-afbf","summary":"client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4553.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4553.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4553","reference_id":"","reference_type":"","scores":[{"value":"0.82841","scoring_system":"epss","scoring_elements":"0.99264","published_at":"2026-06-04T12:55:00Z"},{"value":"0.82841","scoring_system":"epss","scoring_elements":"0.99265","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334233","reference_id":"1334233","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334233"},{"reference_url":"https://security.gentoo.org/glsa/201607-01","reference_id":"GLSA-201607-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1139","reference_id":"RHSA-2016:1139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1140","reference_id":"RHSA-2016:1140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1140"},{"reference_url":"https://usn.ubuntu.com/2995-1/","reference_id":"USN-2995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2995-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2016-4553"],"risk_score":1.4,"exploitability":"2.0","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1s2-z4na-afbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112189?format=json","vulnerability_id":"VCID-dzv1-2tmp-37hz","summary":"squid: Information disclosure in HTTP request processing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10002.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10002.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10002","reference_id":"","reference_type":"","scores":[{"value":"0.14676","scoring_system":"epss","scoring_elements":"0.94606","published_at":"2026-06-04T12:55:00Z"},{"value":"0.14676","scoring_system":"epss","scoring_elements":"0.94615","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10002"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1405941","reference_id":"1405941","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1405941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0182","reference_id":"RHSA-2017:0182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0182"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0183","reference_id":"RHSA-2017:0183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0183"},{"reference_url":"https://usn.ubuntu.com/3192-1/","reference_id":"USN-3192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2016-10002"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dzv1-2tmp-37hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101417?format=json","vulnerability_id":"VCID-kks8-56y6-6kew","summary":"The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000024.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000024.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000024","reference_id":"","reference_type":"","scores":[{"value":"0.09177","scoring_system":"epss","scoring_elements":"0.92842","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09177","scoring_system":"epss","scoring_elements":"0.92854","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000027","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000027"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1536939","reference_id":"1536939","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1536939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1068","reference_id":"RHSA-2020:1068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1068"},{"reference_url":"https://usn.ubuntu.com/3557-1/","reference_id":"USN-3557-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3557-1/"},{"reference_url":"https://usn.ubuntu.com/4059-2/","reference_id":"USN-4059-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4059-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515595?format=json","purl":"pkg:deb/debian/squid3@3.5.23-5%2Bdeb9u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.5.23-5%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2018-1000024"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kks8-56y6-6kew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101414?format=json","vulnerability_id":"VCID-kqba-yqhn-hbav","summary":"mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4554.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4554.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4554","reference_id":"","reference_type":"","scores":[{"value":"0.6886","scoring_system":"epss","scoring_elements":"0.98645","published_at":"2026-06-04T12:55:00Z"},{"value":"0.6886","scoring_system":"epss","scoring_elements":"0.98646","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334241","reference_id":"1334241","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334241"},{"reference_url":"https://security.gentoo.org/glsa/201607-01","reference_id":"GLSA-201607-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1138","reference_id":"RHSA-2016:1138","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1139","reference_id":"RHSA-2016:1139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1140","reference_id":"RHSA-2016:1140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1140"},{"reference_url":"https://usn.ubuntu.com/2995-1/","reference_id":"USN-2995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2995-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2016-4554"],"risk_score":0.3,"exploitability":"0.5","weighted_severity":"0.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqba-yqhn-hbav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101408?format=json","vulnerability_id":"VCID-n33d-b5uw-1yf2","summary":"Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4051.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4051.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4051","reference_id":"","reference_type":"","scores":[{"value":"0.05912","scoring_system":"epss","scoring_elements":"0.90775","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05912","scoring_system":"epss","scoring_elements":"0.90788","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1329126","reference_id":"1329126","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1329126"},{"reference_url":"https://security.gentoo.org/glsa/201607-01","reference_id":"GLSA-201607-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1138","reference_id":"RHSA-2016:1138","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1139","reference_id":"RHSA-2016:1139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1140","reference_id":"RHSA-2016:1140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1140"},{"reference_url":"https://usn.ubuntu.com/2995-1/","reference_id":"USN-2995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2995-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2016-4051"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n33d-b5uw-1yf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101404?format=json","vulnerability_id":"VCID-pswa-8aa8-ukhw","summary":"http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2571.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2571.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2571","reference_id":"","reference_type":"","scores":[{"value":"0.14329","scoring_system":"epss","scoring_elements":"0.94533","published_at":"2026-06-04T12:55:00Z"},{"value":"0.14329","scoring_system":"epss","scoring_elements":"0.94542","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2571"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1312262","reference_id":"1312262","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1312262"},{"reference_url":"https://security.gentoo.org/glsa/201607-01","reference_id":"GLSA-201607-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2600","reference_id":"RHSA-2016:2600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2600"},{"reference_url":"https://usn.ubuntu.com/2921-1/","reference_id":"USN-2921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2921-1/"},{"reference_url":"https://usn.ubuntu.com/3557-1/","reference_id":"USN-3557-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3557-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/226808?format=json","purl":"pkg:deb/debian/squid3@3.1.20-2.2%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fq8-mupa-gfc9"},{"vulnerability":"VCID-2zct-5w44-gkag"},{"vulnerability":"VCID-4238-kt68-byew"},{"vulnerability":"VCID-5f1a-x42j-eqhg"},{"vulnerability":"VCID-c1s2-z4na-afbf"},{"vulnerability":"VCID-dzv1-2tmp-37hz"},{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-kqba-yqhn-hbav"},{"vulnerability":"VCID-n33d-b5uw-1yf2"},{"vulnerability":"VCID-pswa-8aa8-ukhw"},{"vulnerability":"VCID-qajc-u4gq-vfbf"},{"vulnerability":"VCID-tr27-d4mz-yydt"},{"vulnerability":"VCID-vtfj-m8fv-67fz"},{"vulnerability":"VCID-x6a1-9sht-uueb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.1.20-2.2%252Bdeb7u4"},{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2016-2571"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pswa-8aa8-ukhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101416?format=json","vulnerability_id":"VCID-qajc-u4gq-vfbf","summary":"Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4556.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4556.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4556","reference_id":"","reference_type":"","scores":[{"value":"0.56857","scoring_system":"epss","scoring_elements":"0.98172","published_at":"2026-06-04T12:55:00Z"},{"value":"0.56857","scoring_system":"epss","scoring_elements":"0.98174","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334786","reference_id":"1334786","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334786"},{"reference_url":"https://security.gentoo.org/glsa/201607-01","reference_id":"GLSA-201607-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1138","reference_id":"RHSA-2016:1138","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1139","reference_id":"RHSA-2016:1139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1140","reference_id":"RHSA-2016:1140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1140"},{"reference_url":"https://usn.ubuntu.com/2995-1/","reference_id":"USN-2995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2995-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2016-4556"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qajc-u4gq-vfbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101392?format=json","vulnerability_id":"VCID-t7px-3uvt-a3hn","summary":"HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3609.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3609.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3609","reference_id":"","reference_type":"","scores":[{"value":"0.8285","scoring_system":"epss","scoring_elements":"0.99265","published_at":"2026-06-04T12:55:00Z"},{"value":"0.8285","scoring_system":"epss","scoring_elements":"0.99266","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3609"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3609","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3609"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1134209","reference_id":"1134209","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1134209"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776194","reference_id":"776194","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1147","reference_id":"RHSA-2014:1147","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1148","reference_id":"RHSA-2014:1148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1148"},{"reference_url":"https://usn.ubuntu.com/2327-1/","reference_id":"USN-2327-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2327-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/226808?format=json","purl":"pkg:deb/debian/squid3@3.1.20-2.2%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fq8-mupa-gfc9"},{"vulnerability":"VCID-2zct-5w44-gkag"},{"vulnerability":"VCID-4238-kt68-byew"},{"vulnerability":"VCID-5f1a-x42j-eqhg"},{"vulnerability":"VCID-c1s2-z4na-afbf"},{"vulnerability":"VCID-dzv1-2tmp-37hz"},{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-kqba-yqhn-hbav"},{"vulnerability":"VCID-n33d-b5uw-1yf2"},{"vulnerability":"VCID-pswa-8aa8-ukhw"},{"vulnerability":"VCID-qajc-u4gq-vfbf"},{"vulnerability":"VCID-tr27-d4mz-yydt"},{"vulnerability":"VCID-vtfj-m8fv-67fz"},{"vulnerability":"VCID-x6a1-9sht-uueb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.1.20-2.2%252Bdeb7u4"}],"aliases":["CVE-2014-3609"],"risk_score":1.4,"exploitability":"2.0","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t7px-3uvt-a3hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101407?format=json","vulnerability_id":"VCID-tr27-d4mz-yydt","summary":"Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3948.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3948.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3948","reference_id":"","reference_type":"","scores":[{"value":"0.69622","scoring_system":"epss","scoring_elements":"0.98676","published_at":"2026-06-04T12:55:00Z"},{"value":"0.69622","scoring_system":"epss","scoring_elements":"0.98677","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:M/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323594","reference_id":"1323594","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323594"},{"reference_url":"https://security.gentoo.org/glsa/201607-01","reference_id":"GLSA-201607-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2600","reference_id":"RHSA-2016:2600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2600"},{"reference_url":"https://usn.ubuntu.com/3557-1/","reference_id":"USN-3557-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3557-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2016-3948"],"risk_score":0.3,"exploitability":"0.5","weighted_severity":"0.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tr27-d4mz-yydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101418?format=json","vulnerability_id":"VCID-vtfj-m8fv-67fz","summary":"The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000027.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000027.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000027","reference_id":"","reference_type":"","scores":[{"value":"0.65998","scoring_system":"epss","scoring_elements":"0.9853","published_at":"2026-06-04T12:55:00Z"},{"value":"0.65998","scoring_system":"epss","scoring_elements":"0.98533","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000027"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000027","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000027"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1536942","reference_id":"1536942","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1536942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1068","reference_id":"RHSA-2020:1068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1068"},{"reference_url":"https://usn.ubuntu.com/3557-1/","reference_id":"USN-3557-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3557-1/"},{"reference_url":"https://usn.ubuntu.com/4059-2/","reference_id":"USN-4059-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4059-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515595?format=json","purl":"pkg:deb/debian/squid3@3.5.23-5%2Bdeb9u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.5.23-5%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2018-1000027"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vtfj-m8fv-67fz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101415?format=json","vulnerability_id":"VCID-x6a1-9sht-uueb","summary":"client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4555.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4555.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4555","reference_id":"","reference_type":"","scores":[{"value":"0.62841","scoring_system":"epss","scoring_elements":"0.98404","published_at":"2026-06-04T12:55:00Z"},{"value":"0.62841","scoring_system":"epss","scoring_elements":"0.98407","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334246","reference_id":"1334246","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334246"},{"reference_url":"https://security.gentoo.org/glsa/201607-01","reference_id":"GLSA-201607-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1139","reference_id":"RHSA-2016:1139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1140","reference_id":"RHSA-2016:1140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1140"},{"reference_url":"https://usn.ubuntu.com/2995-1/","reference_id":"USN-2995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2995-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271853?format=json","purl":"pkg:deb/debian/squid3@3.4.8-6%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kks8-56y6-6kew"},{"vulnerability":"VCID-vtfj-m8fv-67fz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.4.8-6%252Bdeb8u5"}],"aliases":["CVE-2016-4555"],"risk_score":0.3,"exploitability":"0.5","weighted_severity":"0.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x6a1-9sht-uueb"}],"fixing_vulnerabilities":[],"risk_score":"1.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid3@3.0.STABLE8-3%252Blenny5"}