Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squid vulnerabilities and exploits
(subscribe to this query)
4.5
CVSSv3
CVE-2019-12522
An issue exists in Squid up to and including 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compr...
Squid-cache Squid
NA
CVE-2024-25111
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote malicious user to cause Denial of Service when se...
NA
CVE-2024-25617
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to p...
NA
CVE-2014-9749
Squid 3.4.4 up to and including 3.4.11 and 3.5.0.1 up to and including 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
Squid-cache Squid 3.4.10
Squid-cache Squid 3.4.12
Squid-cache Squid 3.4.5
Squid-cache Squid 3.4.6
Squid-cache Squid 3.4.7
Squid-cache Squid 3.4.8
Squid-cache Squid 3.5.0.1
Squid-cache Squid 3.5.0.2
Squid-cache Squid 3.5.0.3
Squid-cache Squid 3.5.0.4
Squid-cache Squid 3.4.4
Squid-cache Squid 3.4.9
Squid-cache Squid 3.4.11
Squid-cache Squid 3.4.13
Squid-cache Squid 3.5.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
NA
CVE-2015-5400
Squid prior to 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote malicious users to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Fedoraproject Fedora 22
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Squid-cache Squid
NA
CVE-2015-0881
CRLF injection vulnerability in Squid prior to 3.1.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
Squid-cache Squid
NA
CVE-2014-7142
The pinger in Squid 3.x prior to 3.4.8 allows remote malicious users to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
Oracle Solaris 11.2
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Squid-cache Squid 3.4.5
Squid-cache Squid 3.4.4
Squid-cache Squid 3.1.1
Squid-cache Squid 3.1.10
Squid-cache Squid 3.1.17
Squid-cache Squid 3.1.18
Squid-cache Squid 3.1.19
Squid-cache Squid 3.1.5
Squid-cache Squid 3.1.5.1
Squid-cache Squid 3.2.0.11
Squid-cache Squid 3.2.0.12
Squid-cache Squid 3.2.0.2
Squid-cache Squid 3.2.0.3
Squid-cache Squid 3.2.1
Squid-cache Squid 3.2.10
Squid-cache Squid 3.2.6
Squid-cache Squid 3.2.7
Squid-cache Squid 3.3.10
Squid-cache Squid 3.3.11
NA
CVE-2014-7141
The pinger in Squid 3.x prior to 3.4.8 allows remote malicious users to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
Squid-cache Squid 3.4.1
Squid-cache Squid 3.4.0.3
Squid-cache Squid 3.1.14
Squid-cache Squid 3.1.15
Squid-cache Squid 3.1.21
Squid-cache Squid 3.1.22
Squid-cache Squid 3.1.8
Squid-cache Squid 3.1.9
Squid-cache Squid 3.2.0.1
Squid-cache Squid 3.2.0.16
Squid-cache Squid 3.2.0.17
Squid-cache Squid 3.2.0.6
Squid-cache Squid 3.2.0.7
Squid-cache Squid 3.2.3
Squid-cache Squid 3.2.4
Squid-cache Squid 3.3.0.1
Squid-cache Squid 3.3.0.2
Squid-cache Squid 3.3.3
Squid-cache Squid 3.3.4
Squid-cache Squid 3.4.7
Squid-cache Squid 3.4.6
Squid-cache Squid 3.4.0.2
NA
CVE-2014-6270
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based ...
Squid-cache Squid 2.7.stable2
Squid-cache Squid 2.7.stable3
Squid-cache Squid 2.7.stable1
Squid-cache Squid 2.7.stable8
Squid-cache Squid 2.7.stable9
Squid-cache Squid 2.6.stable8
Squid-cache Squid 2.6.stable9
Squid-cache Squid 2.6.stable16
Squid-cache Squid 2.6.stable17
Squid-cache Squid 2.5.stable1
Squid-cache Squid 2.5.stable2
Squid-cache Squid 2.5.stable10
Squid-cache Squid 2.5.stable11
Squid-cache Squid 2.4.stable4
Squid-cache Squid 2.4.stable5
Squid-cache Squid 3.0
Squid-cache Squid 3.0.stable12
Squid-cache Squid 3.0.stable13
Squid-cache Squid 3.0.stable19
Squid-cache Squid 3.0.stable2
Squid-cache Squid 3.0.stable3
Squid-cache Squid 3.0.stable4
NA
CVE-2014-0128
Squid 3.1 prior to 3.3.12 and 3.4 prior to 3.4.4, when SSL-Bump is enabled, allows remote malicious users to cause a denial of service (assertion failure) via a crafted range request, related to state management.
Squid-cache Squid 3.1
Squid-cache Squid 3.1.0.15
Squid-cache Squid 3.1.0.16
Squid-cache Squid 3.1.0.17
Squid-cache Squid 3.1.0.7
Squid-cache Squid 3.1.0.8
Squid-cache Squid 3.1.14
Squid-cache Squid 3.1.15
Squid-cache Squid 3.1.8
Squid-cache Squid 3.1.9
Squid-cache Squid 3.2.0.15
Squid-cache Squid 3.2.0.16
Squid-cache Squid 3.2.0.5
Squid-cache Squid 3.2.0.6
Squid-cache Squid 3.2.2
Squid-cache Squid 3.2.3
Squid-cache Squid 3.1.0.1
Squid-cache Squid 3.1.0.10
Squid-cache Squid 3.1.0.18
Squid-cache Squid 3.1.0.2
Squid-cache Squid 3.1.0.9
Squid-cache Squid 3.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »