Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squid-cache squid vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-41318
A buffer over-read exists in libntlmauth in Squid 2.5 up to and including 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these loc...
Squid-cache Squid
NA
CVE-2023-49285
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no kno...
Squid-cache Squid
NA
CVE-2023-49286
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to...
Squid-cache Squid
NA
CVE-2023-49288
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured wi...
Squid-cache Squid
4.4
CVSSv2
CVE-2019-12522
An issue exists in Squid up to and including 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compr...
Squid-cache Squid
4.3
CVSSv2
CVE-2015-0881
CRLF injection vulnerability in Squid prior to 3.1.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
Squid-cache Squid
4.3
CVSSv2
CVE-2018-19131
Squid prior to 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
Squid-cache Squid
1 Github repository
4
CVSSv2
CVE-2020-14059
An issue exists in Squid 5.x prior to 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.
Squid-cache Squid
4.3
CVSSv2
CVE-2018-1172
This vulnerability allows remote malicious users to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCh...
Squid-cache Squid 3.5.27
5
CVSSv2
CVE-2012-2213
Squid 3.1.9 allows remote malicious users to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a ...
Squid-cache Squid 3.1.9
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »