| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-12525 | 7.5 |
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if t
|
26-04-2022 - 20:18 | 11-07-2019 - 19:15 | |
| CVE-2020-11945 | 7.5 |
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a s
|
17-03-2021 - 12:40 | 23-04-2020 - 15:15 | |
| CVE-2019-12519 | 7.5 |
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expr
|
11-02-2021 - 14:43 | 15-04-2020 - 20:15 | |
| CVE-2019-13345 | 4.3 |
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
|
11-07-2020 - 00:15 | 05-07-2019 - 16:15 | |
| CVE-2018-1000024 | 5.0 |
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This att
|
03-10-2019 - 00:03 | 09-02-2018 - 23:29 | |
| CVE-2018-1000027 | 5.0 |
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the pro
|
17-07-2019 - 16:15 | 09-02-2018 - 23:29 |