DelegateCVEs & Vulnerabilities

9 CVEs affecting Delegate products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

delegate 97
CVE-2015-7556HIGHpoc

DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.

15 Jan 2020
7.8
CVSS
CVE-2006-2072MEDIUM

Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite.

28 Apr 2006
5.0
CVSS
CVE-2005-0036MEDIUM

The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.

31 Dec 2005
5.0
CVSS
CVE-2005-0861HIGH

Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays."

2 May 2005
7.5
CVSS
CVE-2004-0789MEDIUM

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

31 Dec 2004
5.0
CVSS
CVE-2004-2003HIGHpoc

Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field.

6 May 2004
7.5
CVSS
CVE-2002-1781HIGH

Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy.

31 Dec 2002
7.5
CVSS
CVE-2001-1202HIGHpoc

Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.

28 Dec 2001
7.5
CVSS
CVE-1999-1338MEDIUM

Delegate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions.

21 Jul 1999
5.0
CVSS
← PrevPage 1 / 1Next →