squid squid vulnerabilities and exploits
CVE-2008-1922 (CVSSv2 score: 10)
Multiple stack-based buffer overflows in Sarg might allow malicious users to execute arbitrary code via unknown vectors, probably a crafted Squid log file.
Sarg Squid Analysis Report Generator
CVE-2008-1167 (CVSSv2 score: 10)
Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote malicious users to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third part...
Sarg Squid Analysis Report Generator 2.2.3.1
CVE-2005-0194 (CVSSv2 score: 10)
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote malicious users to bypass intended ACLs if the administrator ...
Squid Squid 2.0.release
Squid Squid 2.1.patch1
Squid Squid 2.2.pre1
Squid Squid 2.2.pre2
Squid Squid 2.3.devel3
Squid Squid 2.3.stable1
Squid Squid 2.4.stable3
Squid Squid 2.4.stable4
Squid Squid 2.5.stable6
Squid Squid 2.0.patch2
Squid Squid 2.0.pre1
Squid Squid 2.1.release
Squid Squid 2.2.devel3
Squid Squid 2.2.devel4
Squid Squid 2.2.stable5
Squid Squid 2.3.devel2
Squid Squid 2.4.stable1
Squid Squid 2.4.stable2
Squid Squid 2.5.stable4
Squid Squid 2.5.stable5
Squid Squid 2.1.patch2
Squid Squid 2.1.pre1
CVE-2004-0541 (CVSSv2 score: 10)
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote malicious users to execute arbitrary code via a long password ("pass" variable).
National Science Foundation Squid Web Proxy Cache 2.5 Stable
National Science Foundation Squid Web Proxy Cache 3 Pre
2 EDB exploits
CVE-2020-1504 (CVSSv2 score: 9.3)
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logg...
Microsoft Excel 2010
1 Article
CVE-2008-7249 (CVSSv2 score: 9.3)
Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote malicious users to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167.
Pedro Lineu Orso Sarg 2.2.4
CVE-2013-1839 (CVSSv2 score: 7.8)
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x prior to 3.2.9 and 3.3.x prior to 3.3.3 allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
Squid-cache Squid 3.3.2
Squid-cache Squid 3.2.0.1
Squid-cache Squid 3.2.0.10
Squid-cache Squid 3.2.0.11
Squid-cache Squid 3.2.0.12
Squid-cache Squid 3.2.0.7
Squid-cache Squid 3.2.0.8
Squid-cache Squid 3.2.0.9
Squid-cache Squid 3.2.1
Squid-cache Squid 3.2.0.17
Squid-cache Squid 3.2.0.18
Squid-cache Squid 3.2.0.19
Squid-cache Squid 3.2.0.2
Squid-cache Squid 3.2.6
Squid-cache Squid 3.2.7
Squid-cache Squid 3.2.8
Squid-cache Squid 3.3.0.2
Squid-cache Squid 3.3.1
Squid-cache Squid 3.2.0.14
Squid-cache Squid 3.2.0.16
Squid-cache Squid 3.2.0.3
Squid-cache Squid 3.2.0.5
CVE-2006-0046 (CVSSv2 score: 7.8)
squid_redirect script in adzapper prior to 2006-01-29 allows remote malicious users to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions.
Cameron Simpson Adzapper 2006-01-24
Cameron Simpson Adzapper 2006-01-01
Cameron Simpson Adzapper 2006-01-23
Cameron Simpson Adzapper 2006-01-05
Cameron Simpson Adzapper 2006-01-15
Cameron Simpson Adzapper 2006-01-29
Cameron Simpson Adzapper 2006-01-25
Cameron Simpson Adzapper 2006-01-07
Cameron Simpson Adzapper 2006-01-28
Cameron Simpson Adzapper 2006-01-14
CVE-2020-11945 (CVSSv2 score: 7.5)
An issue exists in Squid prior to 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution...
Squid-cache Squid
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
CVE-2019-12519 (CVSSv2 score: 7.5)
An issue exists in Squid up to and including 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could eith...
Squid-cache Squid
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.1