Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squid-cache squid 2.7 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2019-12524
An issue exists in Squid up to and including 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maint...
Squid-cache Squid
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
605
VMScore
CVE-2014-6270
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based ...
Squid-cache Squid 2.7.stable2
Squid-cache Squid 2.7.stable3
Squid-cache Squid 2.7.stable1
Squid-cache Squid 2.7.stable8
Squid-cache Squid 2.7.stable9
Squid-cache Squid 2.6.stable8
Squid-cache Squid 2.6.stable9
Squid-cache Squid 2.6.stable16
Squid-cache Squid 2.6.stable17
Squid-cache Squid 2.5.stable1
Squid-cache Squid 2.5.stable2
Squid-cache Squid 2.5.stable10
Squid-cache Squid 2.5.stable11
Squid-cache Squid 2.4.stable4
Squid-cache Squid 2.4.stable5
Squid-cache Squid 3.0
Squid-cache Squid 3.0.stable12
Squid-cache Squid 3.0.stable13
Squid-cache Squid 3.0.stable19
Squid-cache Squid 3.0.stable2
Squid-cache Squid 3.0.stable3
Squid-cache Squid 3.0.stable4
578
VMScore
CVE-2020-15049
An issue exists in http/ContentLengthInterpreter.cc in Squid prior to 4.12 and 5.x prior to 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an un...
Squid-cache Squid 2.7
Squid-cache Squid
Fedoraproject Fedora 31
516
VMScore
CVE-2019-18677
An issue exists in Squid 3.x and 4.x up to and including 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origin...
Squid-cache Squid 2.7
Squid-cache Squid
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 30
Fedoraproject Fedora 31
445
VMScore
CVE-2019-18678
An issue exists in Squid 3.x and 4.x up to and including 4.8. It allows malicious users to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and S...
Squid-cache Squid
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 8.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
445
VMScore
CVE-2019-18679
An issue exists in Squid 2.x, 3.x, and 4.x up to and including 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocatio...
Squid-cache Squid 2.7
Squid-cache Squid
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 8.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
445
VMScore
CVE-2012-5643
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x prior to 3.1.22, 3.2.x prior to 3.2.4, and 3.3.x prior to 3.3.0.2 allow remote malicious users to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST r...
Squid-cache Squid 2.6
Squid-cache Squid 2.0
Squid-cache Squid 2.7
Squid-cache Squid 2.2
Squid-cache Squid 2.3
Squid-cache Squid 2.5
Squid-cache Squid 2.1
Squid-cache Squid 2.4
Squid-cache Squid 3.1.0.18
Squid-cache Squid 3.0.stable13
Squid-cache Squid 3.1.21
Squid-cache Squid 3.0
Squid-cache Squid 3.0.stable9
Squid-cache Squid 3.1.13
Squid-cache Squid 3.0.stable20
Squid-cache Squid 3.0.stable14
Squid-cache Squid 3.0.stable3
Squid-cache Squid 3.1.17
Squid-cache Squid 3.1.0.7
Squid-cache Squid 3.1.0.14
Squid-cache Squid 3.0.stable4
Squid-cache Squid 3.1.0.12
445
VMScore
CVE-2010-0639
The htcpHandleTstRequest function in htcp.c in Squid 2.x prior to 2.6.STABLE24 and 2.7 prior to 2.7.STABLE8, and htcp.cc in 3.0 prior to 3.0.STABLE24, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the...
Squid-cache Squid 2.6
Squid-cache Squid 2.7
Squid-cache Squid 2.1
Squid-cache Squid 3.0.stable2
Squid-cache Squid 3.0.stable20
Squid-cache Squid 3.0.stable21
Squid-cache Squid 3.0.stable22
Squid-cache Squid 3.0.stable11
Squid-cache Squid 3.0.stable12
Squid-cache Squid 3.0.stable13
Squid-cache Squid 3.0.stable14
Squid-cache Squid 3.0.stable15
Squid-cache Squid 3.0.stable7
Squid-cache Squid 3.0.stable8
Squid-cache Squid 3.0.stable9
Squid-cache Squid 3.0.stable23
Squid-cache Squid 2.0
Squid-cache Squid 2.5
Squid-cache Squid 2.2
Squid-cache Squid 3.0
Squid-cache Squid 3.0.stable16
Squid-cache Squid 3.0.stable18
445
VMScore
CVE-2009-2855
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote malicious users to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
Squid-cache Squid 2.7
383
VMScore
CVE-2021-28116
Squid up to and including 4.14 and 5.x up to and including 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Squid-cache Squid
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 10.0
Debian Debian Linux 11.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »