VYPR

Squid

by Squid Cache

CVEs (105)

  • CVE-2023-46728 | Nov 6, 2023
    risk 0.00 | cvss | epss 0.06

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1.…

  • CVE-2023-46724 | Nov 1, 2023
    risk 0.00 | cvss | epss 0.04

    Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem…

  • CVE-2022-41317 | Dec 25, 2022
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

  • CVE-2022-41318 | Dec 25, 2022
    risk 0.00 | cvss | epss 0.03

    A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these…

  • CVE-2021-46784 | Jul 17, 2022
    risk 0.00 | cvss | epss 0.04

    In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.

  • CVE-2021-28652 | May 27, 2021
    risk 0.00 | cvss | epss 0.04

    An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an…

  • CVE-2019-3688 | Oct 7, 2019
    risk 0.00 | cvss | epss 0.00

    The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromised the…

  • CVE-2015-0881 | Feb 20, 2015
    risk 0.00 | cvss | epss 0.05

    CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.

  • CVE-2008-1612 | Apr 1, 2008
    risk 0.00 | cvss | epss 0.02

    The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for…

  • CVE-2005-3322 | Oct 27, 2005
    risk 0.00 | cvss | epss 0.03

    Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).

  • CVE-2005-3258 | Oct 20, 2005
    risk 0.00 | cvss | epss 0.02

    The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.

  • CVE-2005-2917 | Sep 30, 2005
    risk 0.00 | cvss | epss 0.03

    Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).

  • CVE-2005-2794 | Sep 7, 2005
    risk 0.00 | cvss | epss 0.03

    store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.

  • CVE-2005-1711 | May 24, 2005
    risk 0.00 | cvss | epss 0.01

    Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.

  • CVE-2005-1519 | May 11, 2005
    risk 0.00 | cvss | epss 0.02

    Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.

  • CVE-2005-1345 | May 2, 2005
    risk 0.00 | cvss | epss 0.02

    Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.

  • CVE-2005-0194 | May 2, 2005
    risk 0.00 | cvss | epss 0.05

    Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator…

  • CVE-2005-0626 | Mar 8, 2005
    risk 0.00 | cvss | epss 0.01

    Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.

  • CVE-2004-2654 | Dec 31, 2004
    risk 0.00 | cvss | epss 0.02

    The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that…

  • CVE-2002-2414 | Dec 31, 2002
    risk 0.00 | cvss | epss 0.01

    Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).

Page 5 of 6