CVSS: 4.7EPSS: 1%CPEs: 1EXPL: 0CVE-2015-0881
https://notcve.org/view.php?id=CVE-2015-0881
20 Feb 2015 — CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. Una vulnerabilidad de inyección CRLF en Squid anterior a versión 3.1.1, permite a los atacantes remotos inyectar encabezados HTTP arbitrarios y conducir ataques de división de respuesta HTTP por medio de un encabezado diseñado en una respuesta. • http://jvn.jp/en/jp/JVN64455813/index.html •
CVSS: 7.5EPSS: 20%CPEs: 181EXPL: 0CVE-2014-6270 – Gentoo Linux Security Advisory 201607-01
https://notcve.org/view.php?id=CVE-2014-6270
12 Sep 2014 — Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow. Error de superación de límite (off-by-one) en la función snmpHandleUdp en snmp_core.cc en Squid 2.x y 3.x, cuando un puerto SNMP está configurado, permite a atacantes remotos causar una denegación de servicio (caída) o po... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 39%CPEs: 102EXPL: 0CVE-2012-5643 – squid: cachemgr.cgi memory usage DoS and memory leaks
https://notcve.org/view.php?id=CVE-2012-5643
20 Dec 2012 — Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. Varias fugas de memoria en tools/cachemgr.cc en cachemgr.cgi en Squid v2.x y v3.x antes de v3.1.22, v3.2.x antes de v3.2.4 y v3.3.x antes de v3.3.0.2 permite a atacantes remotos provocar una d... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 60%CPEs: 87EXPL: 0CVE-2011-4096 – squid: Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record
https://notcve.org/view.php?id=CVE-2011-4096
17 Nov 2011 — The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. La función idnsGrokReply en Squid anterior a v3.1.16 no adecuada de memoria libre, permite a atacantes remotos provocar una denegación de servicio (daemon abortar) a través de una respuesta DNS que contiene un registro CNAME que hace referencia ... • http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 56%CPEs: 33EXPL: 0CVE-2010-0639
https://notcve.org/view.php?id=CVE-2010-0639
15 Feb 2010 — The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port. La función htcpHandleTstRequest en el archivo htcp.c en Squid versiones 2.x anterior a 2.6.STABLE24 y versión 2.7 anterior a 2.7.STABLE8, y en el archivo htcp.cc en versión 3.0 anterior a 3.0.STABLE24, permite que los atacantes remo... • http://bugs.squid-cache.org/show_bug.cgi?id=2858 •
CVSS: 7.5EPSS: 19%CPEs: 46EXPL: 0CVE-2010-0308 – squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)
https://notcve.org/view.php?id=CVE-2010-0308
03 Feb 2010 — lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegación de servicio (fallo de aserción) a través de un paquete DNS manipulado que unicamente contiene una cabecera. • http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 68%CPEs: 3EXPL: 0CVE-2009-2855 – squid: DoS (100% CPU use) while processing certain external ACL helper HTTP headers
https://notcve.org/view.php?id=CVE-2009-2855
18 Aug 2009 — The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. La función strListGetItem en src/HttpHeaderTools.c en Squid v2.7 a permite a los atacantes remotos causar una denegación de servicio a través de una cabecera auth manipulada con ciertos delimitadores coma que lanzan un bucle infinito de llamadas a la función strcspn. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 0CVE-2009-0801 – Gentoo Linux Security Advisory 201309-22
https://notcve.org/view.php?id=CVE-2009-0801
04 Mar 2009 — Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. Squid cuando el modo de interceptación trasparente está habilitado, utiliza la cabecera HTTP Host para determinar el punto fina... • http://www.kb.cert.org/vuls/id/435052 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 79%CPEs: 22EXPL: 2CVE-2009-0478 – Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2009-0478
08 Feb 2009 — Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. Squid versiones 2.7 hasta 2.7.STABLE5, versiones 3.0 hasta 3.0.STABLE12 y versiones 3.1 hasta 3.1.0.4, permiten a los atacantes remotos causar una denegación de servicio por medio de una petición HTTP con un número de versión no válido, lo que desencadena una a... • https://www.exploit-db.com/exploits/8021 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 68%CPEs: 26EXPL: 0CVE-2004-0918 – Squid SNMP DoS
https://notcve.org/view.php?id=CVE-2004-0918
21 Oct 2004 — The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt • CWE-399: Resource Management Errors •