Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-0189 | 5.0 |
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possi
|
13-02-2023 - 04:38 | 08-02-2013 - 20:55 | |
CVE-2012-5643 | 5.0 |
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length header
|
13-02-2023 - 00:27 | 20-12-2012 - 12:02 | |
CVE-2011-3205 | 6.8 |
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon
|
13-02-2023 - 00:19 | 06-09-2011 - 15:55 | |
CVE-2016-4556 | 5.0 |
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. <a href="http://cwe.mitre.org/data/definitions/415.html">
|
27-12-2019 - 16:08 | 10-05-2016 - 19:59 | |
CVE-2016-4555 | 5.0 |
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
|
27-12-2019 - 16:08 | 10-05-2016 - 19:59 | |
CVE-2016-4553 | 5.0 |
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
|
27-12-2019 - 16:08 | 10-05-2016 - 19:59 | |
CVE-2016-4554 | 5.0 |
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
|
27-12-2019 - 16:08 | 10-05-2016 - 19:59 | |
CVE-2016-4053 | 4.3 |
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
|
27-12-2019 - 16:08 | 25-04-2016 - 14:59 | |
CVE-2016-4051 | 6.8 |
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
|
27-12-2019 - 16:08 | 25-04-2016 - 14:59 | |
CVE-2016-4054 | 6.8 |
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
|
27-12-2019 - 16:08 | 25-04-2016 - 14:59 | |
CVE-2013-4115 | 7.5 |
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
|
30-10-2018 - 16:27 | 09-08-2013 - 22:55 | |
CVE-2014-0128 | 5.0 |
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
|
30-10-2018 - 16:27 | 14-04-2014 - 15:09 | |
CVE-2016-2570 | 5.0 |
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML d
|
16-03-2018 - 01:29 | 27-02-2016 - 05:59 | |
CVE-2016-3948 | 5.0 |
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
|
16-03-2018 - 01:29 | 07-04-2016 - 18:59 | |
CVE-2016-2569 | 5.0 |
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary heade
|
16-03-2018 - 01:29 | 27-02-2016 - 05:59 | |
CVE-2016-2571 | 5.0 |
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed resp
|
16-03-2018 - 01:29 | 27-02-2016 - 05:59 | |
CVE-2016-2572 | 5.0 |
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
|
05-01-2018 - 02:30 | 27-02-2016 - 05:59 | |
CVE-2015-5400 | 6.8 |
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
|
22-09-2017 - 01:29 | 28-09-2015 - 20:59 | |
CVE-2014-6270 | 6.8 |
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, whic
|
08-09-2017 - 01:29 | 12-09-2014 - 14:55 | |
CVE-2013-0191 | 5.0 |
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.
|
29-08-2017 - 01:32 | 03-06-2014 - 14:55 | |
CVE-2016-4052 | 6.8 |
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
|
30-11-2016 - 03:06 | 25-04-2016 - 14:59 | |
CVE-2016-3947 | 7.5 |
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sen
|
28-11-2016 - 20:14 | 07-04-2016 - 18:59 | |
CVE-2016-2390 | 4.3 |
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (app
|
28-11-2016 - 20:04 | 19-04-2016 - 21:59 | |
CVE-2014-7142 | 6.4 |
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
|
28-11-2016 - 19:12 | 26-11-2014 - 15:59 | |
CVE-2014-7141 | 6.4 |
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
|
28-11-2016 - 19:12 | 26-11-2014 - 15:59 | |
CVE-2011-4096 | 5.0 |
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an
|
28-11-2016 - 19:07 | 17-11-2011 - 19:55 |