Vulnerabilities (CVE)

52 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-1172 1 Squid-cache 1 Squid 2019-10-09 4.3
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within...
CVE-2018-19132 2 Squid-cache, Debian 2 Squid, Debian Linux 2019-10-03 4.3
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
CVE-2018-1000024 3 Squid-cache, Debian, Canonical 3 Squid, Debian Linux, Ubuntu Linux 2019-10-03 5.0
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This...
CVE-2019-12854 3 Squid-cache, Debian, Fedoraproject 3 Squid, Debian Linux, Fedora 2019-08-28 5.0
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all...
CVE-2019-12529 1 Squid-cache 1 Squid 2019-07-18 4.3
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes...
CVE-2019-12527 1 Squid-cache 1 Squid 2019-07-18 6.8
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer,...
CVE-2019-12525 1 Squid-cache 1 Squid 2019-07-18 7.5
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks...
CVE-2018-1000027 3 Squid-cache, Debian, Canonical 3 Squid, Debian Linux, Ubuntu Linux 2019-07-17 5.0
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the...
CVE-2019-13345 2 Squid-cache, Debian 2 Squid, Debian Linux 2019-07-15 4.3
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
CVE-2018-19131 1 Squid-cache 1 Squid 2018-12-11 4.3
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
CVE-2014-9749 3 Squid-cache, Novell, Opensuse 3 Squid, Opensuse, Opensuse 2018-10-30 4.0
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
CVE-2013-4123 3 Squid-cache, Novell, Opensuse 3 Squid, Opensuse, Opensuse 2018-10-30 5.0
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in an HTTP Host header.
CVE-2013-4115 3 Squid-cache, Novell, Opensuse 3 Squid, Opensuse, Opensuse 2018-10-30 7.5
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
CVE-2014-0128 3 Squid-cache, Novell, Opensuse 3 Squid, Opensuse, Opensuse 2018-10-30 5.0
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
CVE-2005-0211 3 Squid, Debian, Squid-cache 3 Debian Linux, Squid, Squid 2018-10-12 7.5
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect...
CVE-2016-3948 1 Squid-cache 1 Squid 2018-03-16 5.0
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
CVE-2016-2571 1 Squid-cache 1 Squid 2018-03-16 5.0
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2016-2570 1 Squid-cache 1 Squid 2018-03-16 5.0
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted...
CVE-2016-2569 1 Squid-cache 1 Squid 2018-03-16 5.0
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
CVE-2016-2572 1 Squid-cache 1 Squid 2018-01-05 5.0
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.