Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0247 | 1 Squid | 1 Squid | 2025-04-09 | 5.0 MEDIUM | N/A |
| squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions. | |||||
| CVE-2008-1612 | 1 Squid | 1 Squid | 2025-04-09 | 4.3 MEDIUM | N/A |
| The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239. | |||||
| CVE-2007-1560 | 1 Squid | 1 Squid | 2025-04-09 | 5.0 MEDIUM | N/A |
| The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error. | |||||
| CVE-2007-0248 | 1 Squid | 1 Squid | 2025-04-09 | 5.0 MEDIUM | N/A |
| The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop. | |||||
| CVE-2009-0478 | 1 Squid | 1 Squid | 2025-04-09 | 5.0 MEDIUM | N/A |
| Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. | |||||
| CVE-2004-0832 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
| The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy. | |||||
| CVE-2005-0175 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
| Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. | |||||
| CVE-2005-0096 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
| Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2002-2414 | 2 Opera Software, Squid | 2 Opera, Squid | 2025-04-03 | 4.3 MEDIUM | N/A |
| Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2005-0446 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
| Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure. | |||||
| CVE-2002-0067 | 2 Redhat, Squid | 2 Linux, Squid | 2025-04-03 | 7.5 HIGH | N/A |
| Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2005-0095 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
| The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers. | |||||
| CVE-2005-1711 | 3 Clam Anti-virus, Gibraltar, Squid | 3 Clamav, Gibraltar Firewall, Squid | 2025-04-03 | 7.5 HIGH | N/A |
| Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. | |||||
| CVE-2005-1345 | 1 Squid | 1 Squid | 2025-04-03 | 7.5 HIGH | N/A |
| Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator. | |||||
| CVE-2004-0918 | 6 Gentoo, Openpkg, Redhat and 3 more | 6 Linux, Openpkg, Fedora Core and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. | |||||
| CVE-2005-2917 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
| Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart). | |||||
| CVE-2005-0173 | 1 Squid | 1 Squid | 2025-04-03 | 7.5 HIGH | N/A |
| squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server. | |||||
| CVE-2002-0715 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
| Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password. | |||||
| CVE-2005-3258 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
| The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses. | |||||
| CVE-2005-1519 | 1 Squid | 1 Squid | 2025-04-03 | 6.4 MEDIUM | N/A |
| Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups. | |||||