Filtered by vendor Squid
Subscriptions
Filtered by product Squid
Subscriptions
Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1612 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-09 | N/A |
| The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239. | ||||
| CVE-2009-0478 | 1 Squid | 1 Squid | 2025-04-09 | N/A |
| Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. | ||||
| CVE-2007-0247 | 1 Squid | 1 Squid | 2025-04-09 | N/A |
| squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions. | ||||
| CVE-2007-0248 | 1 Squid | 1 Squid | 2025-04-09 | N/A |
| The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop. | ||||
| CVE-2007-1560 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-09 | N/A |
| The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error. | ||||
| CVE-2005-0095 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers. | ||||
| CVE-2005-0096 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption). | ||||
| CVE-2005-0097 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference. | ||||
| CVE-2005-2796 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. | ||||
| CVE-2005-0718 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory. | ||||
| CVE-2002-0068 | 2 Redhat, Squid | 2 Linux, Squid | 2025-04-03 | N/A |
| Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters. | ||||
| CVE-2002-0163 | 2 Redhat, Squid | 2 Linux, Squid | 2025-04-03 | N/A |
| Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses. | ||||
| CVE-2002-2414 | 2 Opera Software, Squid | 2 Opera, Squid | 2025-04-03 | N/A |
| Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash). | ||||
| CVE-2004-0918 | 6 Gentoo, Openpkg, Redhat and 3 more | 7 Linux, Openpkg, Enterprise Linux and 4 more | 2025-04-03 | N/A |
| The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. | ||||
| CVE-2004-2654 | 1 Squid | 1 Squid | 2025-04-03 | N/A |
| The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5. | ||||
| CVE-2002-0069 | 2 Redhat, Squid | 2 Linux, Squid | 2025-04-03 | N/A |
| Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service. | ||||
| CVE-2005-0626 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies. | ||||
| CVE-2005-1345 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator. | ||||
| CVE-2005-0173 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server. | ||||
| CVE-2005-0174 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters. | ||||