VYPR

Squidex

by Squidex

Source repositories

CVEs (155)

  • CVE-2023-46857 (Dec 7, 2023)
    risk 0.00 | cvss | epss 0.01

    Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is…

  • CVE-2023-49288 (Dec 4, 2023)
    risk 0.00 | cvss | epss 0.05

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured…

  • CVE-2023-46252 (Nov 7, 2023)
    risk 0.00 | cvss | epss 0.00

    Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which…

  • CVE-2023-46744 (Nov 7, 2023)
    risk 0.00 | cvss | epss 0.01

    Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS attacks through uploaded SVG…

  • CVE-2023-46728 (Nov 6, 2023)
    risk 0.00 | cvss | epss 0.06

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1.…

  • CVE-2023-5824 (Nov 3, 2023)
    risk 0.00 | cvss | epss 0.05

    A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is…

  • CVE-2023-46724 (Nov 1, 2023)
    risk 0.00 | cvss | epss 0.04

    Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem…

  • CVE-2023-3580 (Jul 10, 2023)
    risk 0.00 | cvss | epss 0.01

    Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.

  • CVE-2023-0643 (Feb 2, 2023)
    risk 0.00 | cvss | epss 0.01

    Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.

  • CVE-2023-0642 (Feb 2, 2023)
    risk 0.00 | cvss | epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.

  • CVE-2022-41318 (Dec 25, 2022)
    risk 0.00 | cvss | epss 0.03

    A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these…

  • CVE-2022-41317 (Dec 25, 2022)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

  • CVE-2021-46784 (Jul 17, 2022)
    risk 0.00 | cvss | epss 0.04

    In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.

  • CVE-2021-41611 (Oct 18, 2021)
    risk 0.00 | cvss | epss 0.03

    An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of…

  • CVE-2021-28651 (May 27, 2021)
    risk 0.00 | cvss | epss 0.07

    An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that…

  • CVE-2021-31808 (May 27, 2021)
    risk 0.00 | cvss | epss 0.05

    An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.

  • CVE-2020-25097 (Mar 19, 2021)
    risk 0.00 | cvss | epss 0.08

    An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace…

  • CVE-2020-15811 (Sep 2, 2020)
    risk 0.00 | cvss | epss 0.04

    An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local…

  • CVE-2020-15810 (Sep 2, 2020)
    risk 0.00 | cvss | epss 0.03

    An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local…

  • CVE-2020-14058 (Jun 30, 2020)
    risk 0.00 | cvss | epss 0.03

    An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS.…

Page 6 of 8