Squidex

All CVEs

155 total · sorted by risk
  • CVE-2011-4096 · Nov 17, 2011
    risk 0.03 · cvss · epss 0.38

    The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

  • CVE-2010-2951 · Oct 12, 2010
    risk 0.03 · cvss · epss 0.31

    dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the…

  • CVE-2009-2855 · Aug 18, 2009
    risk 0.03 · cvss · epss 0.37

    The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.

  • CVE-2005-0446 · May 2, 2005
    risk 0.03 · cvss · epss 0.41

    Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.

  • CVE-2005-0175 · Feb 7, 2005
    risk 0.03 · cvss · epss 0.41

    Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.

  • CVE-1999-1481 · Dec 31, 1999
    risk 0.03 · cvss · epss 0.04

    Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.

  • CVE-2025-54574 · Aug 1, 2025
    risk 0.02 · cvss · epss 0.23

    Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable…

  • CVE-2020-11945 · Apr 23, 2020
    risk 0.02 · cvss · epss 0.27

    An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code…

  • CVE-2019-12528 · Feb 4, 2020
    risk 0.02 · cvss · epss 0.10

    An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

  • CVE-2014-7142 · Nov 26, 2014
    risk 0.02 · cvss · epss 0.25

    The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

  • CVE-2014-6270 · Sep 12, 2014
    risk 0.02 · cvss · epss 0.23

    Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based…

  • CVE-2013-0189 · Feb 8, 2013
    risk 0.02 · cvss · epss 0.23

    cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect…

  • CVE-2012-5643 · Dec 20, 2012
    risk 0.02 · cvss · epss 0.23

    Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or…

  • CVE-2011-3205 · Sep 6, 2011
    risk 0.02 · cvss · epss 0.27

    Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have…

  • CVE-2010-0639 · Feb 15, 2010
    risk 0.02 · cvss · epss 0.31

    The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.

  • CVE-2010-0308 · Feb 3, 2010
    risk 0.02 · cvss · epss 0.23

    lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.

  • CVE-2009-2621 · Jul 28, 2009
    risk 0.02 · cvss · epss 0.23

    Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a)…

  • CVE-2007-6239 · Dec 4, 2007
    risk 0.02 · cvss · epss 0.27

    The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.

  • CVE-2007-1560 · Mar 21, 2007
    risk 0.02 · cvss · epss 0.27

    The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.

  • CVE-2005-0211 · May 2, 2005
    risk 0.02 · cvss · epss 0.22

    Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.

  • CVE-2024-37894 · Jun 25, 2024
    risk 0.01 · cvss · epss 0.06

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.

  • CVE-2023-49286 · Dec 4, 2023
    risk 0.01 · cvss · epss 0.10

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised…

  • CVE-2023-46253 · Nov 7, 2023
    risk 0.01 · cvss · epss 0.02

    Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the…

  • CVE-2023-46848 · Nov 3, 2023
    risk 0.01 · cvss · epss 0.10

    Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

  • CVE-2023-46846 · Nov 3, 2023
    risk 0.01 · cvss · epss 0.05

    SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

  • CVE-2021-33620 · May 28, 2021
    risk 0.01 · cvss · epss 0.80

    Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.

  • CVE-2021-28116 · Mar 9, 2021
    risk 0.01 · cvss · epss 0.13

    Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.

  • CVE-2020-15049 · Jun 30, 2020
    risk 0.01 · cvss · epss 0.06

    An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon…

  • CVE-2019-12519 · Apr 15, 2020
    risk 0.01 · cvss · epss 0.07

    An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either…

  • CVE-2019-12529 · Jul 11, 2019
    risk 0.01 · cvss · epss 0.08

    An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over…

  • CVE-2019-12527 · Jul 11, 2019
    risk 0.01 · cvss · epss 0.50

    An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer…

  • CVE-2018-1000027 · High · Feb 9, 2018
    risk 0.01 · cvss 7.5 · epss 0.13

    The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be…

  • CVE-2014-9749 · Nov 6, 2015
    risk 0.01 · cvss · epss 0.11

    Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."

  • CVE-2015-5400 · Sep 28, 2015
    risk 0.01 · cvss · epss 0.17

    Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.

  • CVE-2015-3455 · May 18, 2015
    risk 0.01 · cvss · epss 0.11

    Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers…

  • CVE-2013-1839 · Sep 30, 2013
    risk 0.01 · cvss · epss 0.18

    The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.

  • CVE-2012-2213 · Apr 28, 2012
    risk 0.01 · cvss · epss 0.12

    Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a…

  • CVE-2007-0248 · Jan 16, 2007
    risk 0.01 · cvss · epss 0.07

    The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.

  • CVE-2005-2796 · Sep 7, 2005
    risk 0.01 · cvss · epss 0.08

    The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.

  • CVE-2005-0718 · Apr 14, 2005
    risk 0.01 · cvss · epss 0.13

    Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.

  • CVE-2004-0918 · Jan 27, 2005
    risk 0.01 · cvss · epss 0.16

    The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

  • CVE-2005-0096 · Jan 25, 2005
    risk 0.01 · cvss · epss 0.09

    Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2005-0094 · Jan 15, 2005
    risk 0.01 · cvss · epss 0.09

    Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.

  • CVE-2005-0097 · Jan 11, 2005
    risk 0.01 · cvss · epss 0.11

    The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.

  • CVE-2004-0832 · Nov 3, 2004
    risk 0.01 · cvss · epss 0.11

    The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.

  • CVE-2026-24736 · Jan 27, 2026
    risk 0.00 · cvss · epss 0.00

    Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to…

  • CVE-2025-59362 · Sep 26, 2025
    risk 0.00 · cvss · epss 0.00

    Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.

  • CVE-2024-45802 · Oct 28, 2024
    risk 0.00 · cvss · epss 0.45

    Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service…

  • CVE-2024-25111 · Mar 6, 2024
    risk 0.00 · cvss · epss 0.65

    Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending…

  • CVE-2023-50269 · Dec 14, 2023
    risk 0.00 · cvss · epss 0.58

    Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a…