Squidex
by Squidex
Source repositories
CVEs (155)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-12527 | 0.01 | — | 0.50 | Jul 11, 2019 | An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer… | |||
| CVE-2018-1000027 | Hig | 0.01 | 7.5 | 0.13 | Feb 9, 2018 | The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be… | ||
| CVE-2014-9749 | 0.01 | — | 0.11 | Nov 6, 2015 | Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability." | |||
| CVE-2015-5400 | 0.01 | — | 0.17 | Sep 28, 2015 | Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. | |||
| CVE-2015-3455 | 0.01 | — | 0.11 | May 18, 2015 | Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers… | |||
| CVE-2013-1839 | 0.01 | — | 0.18 | Sep 30, 2013 | The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header. | |||
| CVE-2012-2213 | 0.01 | — | 0.12 | Apr 28, 2012 | Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a… | |||
| CVE-2007-0248 | 0.01 | — | 0.07 | Jan 16, 2007 | The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop. | |||
| CVE-2005-2796 | 0.01 | — | 0.08 | Sep 7, 2005 | The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. | |||
| CVE-2005-0718 | 0.01 | — | 0.13 | Apr 14, 2005 | Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory. | |||
| CVE-2004-0918 | 0.01 | — | 0.16 | Jan 27, 2005 | The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. | |||
| CVE-2005-0096 | 0.01 | — | 0.09 | Jan 25, 2005 | Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption). | |||
| CVE-2005-0094 | 0.01 | — | 0.09 | Jan 15, 2005 | Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses. | |||
| CVE-2005-0097 | 0.01 | — | 0.11 | Jan 11, 2005 | The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference. | |||
| CVE-2004-0832 | 0.01 | — | 0.11 | Nov 3, 2004 | The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy. | |||
| CVE-2026-24736 | 0.00 | — | 0.00 | Jan 27, 2026 | Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to… | |||
| CVE-2025-59362 | 0.00 | — | 0.00 | Sep 26, 2025 | Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. | |||
| CVE-2024-45802 | 0.00 | — | 0.45 | Oct 28, 2024 | Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service… | |||
| CVE-2024-25111 | 0.00 | — | 0.65 | Mar 6, 2024 | Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending… | |||
| CVE-2023-50269 | 0.00 | — | 0.58 | Dec 14, 2023 | Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a… |
- CVE-2019-12527Jul 11, 2019risk 0.01cvss —epss 0.50
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer…
- risk 0.01cvss 7.5epss 0.13
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be…
- CVE-2014-9749Nov 6, 2015risk 0.01cvss —epss 0.11
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
- CVE-2015-5400Sep 28, 2015risk 0.01cvss —epss 0.17
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
- CVE-2015-3455May 18, 2015risk 0.01cvss —epss 0.11
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers…
- CVE-2013-1839Sep 30, 2013risk 0.01cvss —epss 0.18
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
- CVE-2012-2213Apr 28, 2012risk 0.01cvss —epss 0.12
Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a…
- CVE-2007-0248Jan 16, 2007risk 0.01cvss —epss 0.07
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
- CVE-2005-2796Sep 7, 2005risk 0.01cvss —epss 0.08
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
- CVE-2005-0718Apr 14, 2005risk 0.01cvss —epss 0.13
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
- CVE-2004-0918Jan 27, 2005risk 0.01cvss —epss 0.16
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
- CVE-2005-0096Jan 25, 2005risk 0.01cvss —epss 0.09
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).
- CVE-2005-0094Jan 15, 2005risk 0.01cvss —epss 0.09
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.
- CVE-2005-0097Jan 11, 2005risk 0.01cvss —epss 0.11
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
- CVE-2004-0832Nov 3, 2004risk 0.01cvss —epss 0.11
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.
- CVE-2026-24736Jan 27, 2026risk 0.00cvss —epss 0.00
Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to…
- CVE-2025-59362Sep 26, 2025risk 0.00cvss —epss 0.00
Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.
- CVE-2024-45802Oct 28, 2024risk 0.00cvss —epss 0.45
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service…
- CVE-2024-25111Mar 6, 2024risk 0.00cvss —epss 0.65
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending…
- CVE-2023-50269Dec 14, 2023risk 0.00cvss —epss 0.58
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a…
Page 5 of 8