CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 0CVE-2009-0801 – Gentoo Linux Security Advisory 201309-22
https://notcve.org/view.php?id=CVE-2009-0801
04 Mar 2009 — Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. Squid cuando el modo de interceptación trasparente está habilitado, utiliza la cabecera HTTP Host para determinar el punto fina... • http://www.kb.cert.org/vuls/id/435052 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 14%CPEs: 38EXPL: 1CVE-2007-6239 – squid: DoS in cache updates
https://notcve.org/view.php?id=CVE-2007-6239
04 Dec 2007 — The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. La funcionalidad de "cache update reply processing" en Squid versiones 2.x anteriores a 2.6.STABLE17 y Squid versión 3.0, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de vectores desconocidos relacionados con enc... • http://bugs.gentoo.org/show_bug.cgi?id=201209 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 75%CPEs: 2EXPL: 2CVE-2004-0541 – Squid - NTLM (Authenticated) Overflow
https://notcve.org/view.php?id=CVE-2004-0541
10 Jun 2004 — Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable). Desbordamiento de búfer en la función ntlm_check_auth (autenticación NTLM) de Squid Web Proxy Cache 2.5.x y 3.x, cuando se compila con manejadores NTLM activados, permite a atacantes remotos ejecutar código de su elección mediante una contraseña larga (variable "pass") • https://www.exploit-db.com/exploits/16847 •