CVSS: 7.5EPSS: 19%CPEs: 46EXPL: 0CVE-2010-0308 – squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)
https://notcve.org/view.php?id=CVE-2010-0308
03 Feb 2010 — lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegación de servicio (fallo de aserción) a través de un paquete DNS manipulado que unicamente contiene una cabecera. • http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 33%CPEs: 45EXPL: 0CVE-2005-3258
https://notcve.org/view.php?id=CVE-2005-3258
20 Oct 2005 — The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses. • http://secunia.com/advisories/17271 •
CVSS: 7.5EPSS: 58%CPEs: 2EXPL: 0CVE-2005-2917
https://notcve.org/view.php?id=CVE-2005-2917
30 Sep 2005 — Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart). • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 7.5EPSS: 12%CPEs: 42EXPL: 0CVE-2005-2794
https://notcve.org/view.php?id=CVE-2005-2794
07 Sep 2005 — store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. • http://fedoranews.org/updates/FEDORA--.shtml •
CVSS: 7.5EPSS: 15%CPEs: 61EXPL: 0CVE-2005-2796
https://notcve.org/view.php?id=CVE-2005-2796
07 Sep 2005 — The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. • http://fedoranews.org/updates/FEDORA--.shtml •
CVSS: 7.5EPSS: 24%CPEs: 1EXPL: 0CVE-2005-1519
https://notcve.org/view.php?id=CVE-2005-1519
11 May 2005 — Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups. • http://fedoranews.org/updates/FEDORA--.shtml •
CVSS: 7.5EPSS: 12%CPEs: 58EXPL: 0CVE-2005-0718
https://notcve.org/view.php?id=CVE-2005-0718
12 Mar 2005 — Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931 •
CVSS: 7.5EPSS: 65%CPEs: 59EXPL: 0CVE-2005-0446
https://notcve.org/view.php?id=CVE-2005-0446
15 Feb 2005 — Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931 •
CVSS: 9.1EPSS: 1%CPEs: 38EXPL: 0CVE-2005-0173
https://notcve.org/view.php?id=CVE-2005-0173
06 Feb 2005 — squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 •
CVSS: 10.0EPSS: 1%CPEs: 38EXPL: 0CVE-2005-0194
https://notcve.org/view.php?id=CVE-2005-0194
06 Feb 2005 — Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 •