Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squid-cache squid vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-18677
An issue exists in Squid 3.x and 4.x up to and including 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origin...
Squid-cache Squid 2.7
Squid-cache Squid
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 30
Fedoraproject Fedora 31
6.1
CVSSv3
CVE-2019-13345
The cachemgr.cgi web module of Squid up to and including 4.7 has XSS via the user_name or auth parameter.
Squid-cache Squid
Debian Debian Linux 8.0
6.1
CVSSv3
CVE-2018-19131
Squid prior to 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
Squid-cache Squid
1 Github repository
5.9
CVSSv3
CVE-2019-12521
An issue exists in Squid up to and including 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for...
Squid-cache Squid
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
5.9
CVSSv3
CVE-2019-12529
An issue exists in Squid 2.x up to and including 2.7.STABLE9, 3.x up to and including 3.5.28, and 4.x up to and including 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be d...
Squid-cache Squid 2.7
Squid-cache Squid
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 29
Opensuse Leap 15.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
5.9
CVSSv3
CVE-2018-19132
Squid prior to 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
Squid-cache Squid
Debian Debian Linux 8.0
5.9
CVSSv3
CVE-2018-1172
This vulnerability allows remote malicious users to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCh...
Squid-cache Squid 3.5.27
5.9
CVSSv3
CVE-2016-2390
The FwdState::connectedToPeer method in FwdState.cc in Squid prior to 3.5.14 and 4.0.x prior to 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote malicious users to cause a denial of service (application crash) via ...
Squid-cache Squid 4.0.5
Squid-cache Squid 4.0.4
Squid-cache Squid
5.3
CVSSv3
CVE-2023-46846
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote malicious user to perform Request/Response smuggling past firewall and frontend security systems.
Squid-cache Squid
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Eus 9.0
Redhat Enterprise Linux Server Tus 8.8
Redhat Enterprise Linux Eus 8.8
Redhat Enterprise Linux Server Aus 9.2
Redhat Enterprise Linux Eus 9.2
Redhat Enterprise Linux For Power Little Endian 8.0 Ppc64le
Redhat Enterprise Linux For Ibm Z Systems 8.0 S390x
Redhat Enterprise Linux For Arm 64 8.0 Aarch64
Redhat Enterprise Linux Server Tus 9.2
5.3
CVSSv3
CVE-2021-28116
Squid up to and including 4.14 and 5.x up to and including 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Squid-cache Squid
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 10.0
Debian Debian Linux 11.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »