CVSS: 9.1EPSS: 2%CPEs: 38EXPL: 0CVE-2005-0173
https://notcve.org/view.php?id=CVE-2005-0173
06 Feb 2005 — squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 •
CVSS: 7.5EPSS: 54%CPEs: 27EXPL: 0CVE-2005-0096
https://notcve.org/view.php?id=CVE-2005-0096
19 Jan 2005 — Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 •
CVSS: 7.5EPSS: 88%CPEs: 27EXPL: 1CVE-2005-0094
https://notcve.org/view.php?id=CVE-2005-0094
15 Jan 2005 — Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 •
CVSS: 7.5EPSS: 96%CPEs: 27EXPL: 1CVE-2005-0095
https://notcve.org/view.php?id=CVE-2005-0095
15 Jan 2005 — The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 •
CVSS: 7.5EPSS: 78%CPEs: 27EXPL: 0CVE-2005-0097
https://notcve.org/view.php?id=CVE-2005-0097
11 Jan 2005 — The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference. • http://fedoranews.org/updates/FEDORA--.shtml •
CVSS: 7.5EPSS: 94%CPEs: 26EXPL: 0CVE-2004-0918 – Squid SNMP DoS
https://notcve.org/view.php?id=CVE-2004-0918
21 Oct 2004 — The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 72%CPEs: 1EXPL: 0CVE-2004-0832
https://notcve.org/view.php?id=CVE-2004-0832
28 Sep 2004 — The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy. Las funciones ntlm_fetch_string y ntlm_get_string en Squid 2.5.6 y anteriores, con autenticación NTLM activada, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante un paquete NTLMSSP que hace que se pas... • http://fedoranews.org/updates/FEDORA--.shtml •
CVSS: 9.1EPSS: 2%CPEs: 7EXPL: 3CVE-2004-0189 – Squid Proxy 2.4/2.5 - NULL URL Character Unauthorized Access
https://notcve.org/view.php?id=CVE-2004-0189
15 Mar 2004 — The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. La función de decodificación de URL "%xx" en Squid 2.5STABLE4 y anteriores permite a atacantes remotos saltarse las listas de control de acceso (ACL) url_regex mediante una URL con un carácter nulo ("%00"), lo que hace que Squid use sólo un par... • https://www.exploit-db.com/exploits/23777 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2002-2414
https://notcve.org/view.php?id=CVE-2002-2414
31 Dec 2002 — Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash). • http://marc.info/?l=full-disclosure&m=103783186608438&w=2 •
CVSS: 7.5EPSS: 13%CPEs: 1EXPL: 0CVE-2002-0714
https://notcve.org/view.php?id=CVE-2002-0714
26 Jul 2002 — FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt •