| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-0189 | 5.0 |
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possi
|
13-02-2023 - 04:38 | 08-02-2013 - 20:55 | |
| CVE-2008-1612 | 4.3 |
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an in
|
13-02-2023 - 02:18 | 01-04-2008 - 17:44 | |
| CVE-2020-14058 | 5.0 |
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-
|
28-04-2022 - 18:57 | 30-06-2020 - 19:15 | |
| CVE-2019-12854 | 5.0 |
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clien
|
01-01-2022 - 20:18 | 15-08-2019 - 17:15 | |
| CVE-2020-8450 | 7.5 |
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
|
21-07-2021 - 11:39 | 04-02-2020 - 20:15 | |
| CVE-2020-8517 | 5.0 |
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can re
|
21-07-2021 - 11:39 | 04-02-2020 - 20:15 | |
| CVE-2020-24606 | 7.1 |
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digest
|
21-07-2021 - 11:39 | 24-08-2020 - 18:15 | |
| CVE-2020-14059 | 4.0 |
An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot man
|
30-03-2021 - 14:43 | 30-06-2020 - 19:15 | |
| CVE-2020-11945 | 7.5 |
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a s
|
17-03-2021 - 12:40 | 23-04-2020 - 15:15 | |
| CVE-2020-15049 | 6.5 |
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containi
|
12-03-2021 - 13:15 | 30-06-2020 - 18:15 | |
| CVE-2020-8449 | 5.0 |
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
|
04-03-2021 - 20:47 | 04-02-2020 - 20:15 | |
| CVE-2019-12520 | 5.0 |
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The abs
|
11-02-2021 - 14:42 | 15-04-2020 - 20:15 | |
| CVE-2020-24606 | 7.1 |
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digest
|
30-09-2020 - 22:15 | 24-08-2020 - 18:15 | |
| CVE-2020-15049 | 6.5 |
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containi
|
30-09-2020 - 22:15 | 30-06-2020 - 18:15 | |
| CVE-2018-19132 | 4.3 |
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
|
11-07-2020 - 00:15 | 09-11-2018 - 11:29 | |
| CVE-2018-1000024 | 5.0 |
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This att
|
03-10-2019 - 00:03 | 09-02-2018 - 23:29 | |
| CVE-2018-19131 | 4.3 |
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
|
11-12-2018 - 20:54 | 09-11-2018 - 11:29 | |
| CVE-2010-0308 | 4.0 |
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
|
19-09-2017 - 01:30 | 03-02-2010 - 18:30 | |
| CVE-2010-0639 | 5.0 |
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via craf
|
02-08-2010 - 04:00 | 15-02-2010 - 18:30 |