Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squid squid vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2002-0068
Squid 2.4 STABLE3 and previous versions allows remote malicious users to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
Squid Squid
Redhat Linux 6.2
Redhat Linux 7.1
Redhat Linux 7.2
Redhat Linux 7.0
1 EDB exploit
2.6
CVSSv2
CVE-2002-0069
Memory leak in SNMP in Squid 2.4 STABLE3 and previous versions allows remote malicious users to cause a denial of service.
Squid Squid
Redhat Linux 6.2
Redhat Linux 7.0
Redhat Linux 7.2
Redhat Linux 7.1
6.8
CVSSv2
CVE-2015-5400
Squid prior to 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote malicious users to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Fedoraproject Fedora 22
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Squid-cache Squid
NA
CVE-2021-46784
In Squid 3.x up to and including 3.5.28, 4.x up to and including 4.17, and 5.x prior to 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
Squid-cache Squid
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
10
CVSSv2
CVE-2004-0541
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote malicious users to execute arbitrary code via a long password ("pass" variable).
National Science Foundation Squid Web Proxy Cache 2.5 Stable
National Science Foundation Squid Web Proxy Cache 3 Pre
2 EDB exploits
4.4
CVSSv2
CVE-2019-18932
log.c in Squid Analysis Report Generator (sarg) up to and including 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can ...
Squid Analysis Report Generator Project Squid Analysis Report Generator
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
4.3
CVSSv2
CVE-2021-28116
Squid up to and including 4.14 and 5.x up to and including 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Squid-cache Squid
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4
CVSSv2
CVE-2021-28652
An issue exists in Squid prior to 4.15 and 5.x prior to 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecif...
Squid-cache Squid
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
4.3
CVSSv2
CVE-2019-12529
An issue exists in Squid 2.x up to and including 2.7.STABLE9, 3.x up to and including 3.5.28, and 4.x up to and including 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be d...
Squid-cache Squid 2.7
Squid-cache Squid
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 29
Opensuse Leap 15.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
5
CVSSv2
CVE-2020-8517
An issue exists in Squid prior to 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being ter...
Squid-cache Squid
Opensuse Leap 15.1
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »