CVSS: 9.1EPSS: 2%CPEs: 4EXPL: 4CVE-2015-5400 – Debian Security Advisory 3327-1
https://notcve.org/view.php?id=CVE-2015-5400
04 Aug 2015 — Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. Vulnerabilidad en Squid en versiones anteriores a 3.5.6, no maneja adecuadamente las respuestas de pares del método CONNECT cuando se configura con cache_peer, lo que permite a atacantes remotos eludir las restricciones previstas y obtener acceso a un proxy backend a través de una sol... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0881
https://notcve.org/view.php?id=CVE-2015-0881
20 Feb 2015 — CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. Una vulnerabilidad de inyección CRLF en Squid anterior a versión 3.1.1, permite a los atacantes remotos inyectar encabezados HTTP arbitrarios y conducir ataques de división de respuesta HTTP por medio de un encabezado diseñado en una respuesta. • http://jvn.jp/en/jp/JVN64455813/index.html •
CVSS: 7.5EPSS: 11%CPEs: 181EXPL: 0CVE-2014-6270 – Gentoo Linux Security Advisory 201607-01
https://notcve.org/view.php?id=CVE-2014-6270
12 Sep 2014 — Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow. Error de superación de límite (off-by-one) en la función snmpHandleUdp en snmp_core.cc en Squid 2.x y 3.x, cuando un puerto SNMP está configurado, permite a atacantes remotos causar una denegación de servicio (caída) o po... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 93%CPEs: 102EXPL: 0CVE-2012-5643 – squid: cachemgr.cgi memory usage DoS and memory leaks
https://notcve.org/view.php?id=CVE-2012-5643
20 Dec 2012 — Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. Varias fugas de memoria en tools/cachemgr.cc en cachemgr.cgi en Squid v2.x y v3.x antes de v3.1.22, v3.2.x antes de v3.2.4 y v3.3.x antes de v3.3.0.2 permite a atacantes remotos provocar una d... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 93%CPEs: 87EXPL: 0CVE-2011-4096 – squid: Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record
https://notcve.org/view.php?id=CVE-2011-4096
17 Nov 2011 — The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. La función idnsGrokReply en Squid anterior a v3.1.16 no adecuada de memoria libre, permite a atacantes remotos provocar una denegación de servicio (daemon abortar) a través de una respuesta DNS que contiene un registro CNAME que hace referencia ... • http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 95%CPEs: 71EXPL: 0CVE-2011-3205 – squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)
https://notcve.org/view.php?id=CVE-2011-3205
06 Sep 2011 — Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. Desbordamiento de búfer en la v3.0 anterior a v3.0.STABLE26, v3.1 anterior a v3.1.15, y v3.2 anterior a v3.2.0.11 per... • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html •
CVSS: 7.5EPSS: 92%CPEs: 55EXPL: 0CVE-2010-3072 – Squid: Denial of service due internal error in string handling (SQUID-2010:3)
https://notcve.org/view.php?id=CVE-2010-3072
20 Sep 2010 — The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. Las funciones de comparación de cadenas en String.cci en Squid v3.x anteriores a v3.1.8 y v3.2.x anteriores a v3.2.0.2 permite a atacantes remotos provocar una denegación de servicio (desreferenciación a puntero nulo y caída del demonio) a través de una petición manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html •
CVSS: 7.5EPSS: 91%CPEs: 33EXPL: 0CVE-2010-0639
https://notcve.org/view.php?id=CVE-2010-0639
15 Feb 2010 — The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port. La función htcpHandleTstRequest en el archivo htcp.c en Squid versiones 2.x anterior a 2.6.STABLE24 y versión 2.7 anterior a 2.7.STABLE8, y en el archivo htcp.cc en versión 3.0 anterior a 3.0.STABLE24, permite que los atacantes remo... • http://bugs.squid-cache.org/show_bug.cgi?id=2858 •
CVSS: 7.5EPSS: 4%CPEs: 46EXPL: 0CVE-2010-0308 – squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)
https://notcve.org/view.php?id=CVE-2010-0308
03 Feb 2010 — lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegación de servicio (fallo de aserción) a través de un paquete DNS manipulado que unicamente contiene una cabecera. • http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 90%CPEs: 29EXPL: 0CVE-2009-2622
https://notcve.org/view.php?id=CVE-2009-2622
28 Jul 2009 — Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. Squid desde v3.0 hasta v3.0.STABLE16 y desde v3.1 hasta v3.1.0.11 permite a atacantes remotos producir una denegación de servicio a través de peticiones mal formadas qu... • http://secunia.com/advisories/36007 • CWE-20: Improper Input Validation •