CVE-2021-41611 | AVG-1667 | High | Yes | Certificate verification bypass | When validating an origin server or peer certificate, Squid 5 before version 5.2 may incorrectly classify certain certificates as trusted. This problem...
CVE-2021-31808 | AVG-1975 | High | Yes | Denial of service | Due to an incorrect input validation bug, Squid before version 4.15 is vulnerable to a denial of service attack against all clients using the proxy by a...
CVE-2021-31807 | AVG-1975 | High | Yes | Denial of service | Due to an incorrect input validation bug, Squid before version 4.15 is vulnerable to a denial of service attack against all clients using the proxy by a...
CVE-2021-31806 | AVG-1975 | High | Yes | Denial of service | Due to an incorrect input validation bug, Squid before version 4.15 is vulnerable to a denial of service attack against all clients using the proxy by a...
CVE-2021-28662 | AVG-1949 | Medium | Yes | Denial of service | Due to an input validation bug, Squid before version 4.15 is vulnerable to a denial of service against all clients using the proxy.
CVE-2021-28652 | AVG-1949 | Medium | Yes | Denial of service | Due to an incorrect parser validation bug, Squid before version 4.15 is vulnerable to a denial of service attack against the Cache Manager API.
CVE-2021-28651 | AVG-1949 | High | Yes | Denial of service | Due to a buffer management bug, Squid before version 4.15 is vulnerable to a denial of service attack against the server it is operating on. This attack is...
CVE-2021-28116 | AVG-1667 | High | Yes | Information disclosure | Squid before version 5.2, in some configurations, allows information disclosure because of an out-of-bounds read in WCCPv2 protocol data. This problem...
CVE-2020-11945 | AVG-1146 | Critical | Yes | Arbitrary code execution | An integer overflow has been found in Squid before 4.11 or 5.0.2. When memory pooling is used this problem allows a remote client to replay a sniffed Digest...
CVE-2019-18679 | AVG-1062 | Medium | Yes | Information disclosure | An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value...
CVE-2019-18678 | AVG-1062 | High | Yes | Content spoofing | An HTTP request splitting issue has been found in Squid before 4.9. This issue allows attackers to smuggle HTTP requests through frontend software to a Squid...
CVE-2019-12527 | AVG-1004 | Critical | Yes | Arbitrary code execution | Due to incorrect buffer management, Squid versions prior to 4.8 are vulnerable to a heap overflow and possible remote code execution attack when processing...
CVE-2019-12526 | AVG-1062 | Critical | Yes | Arbitrary code execution | A heap-based buffer overflow has been found in Squid before 4.9, when processing URN.
CVE-2019-12521 | AVG-1146 | High | Yes | Content spoofing | A heap-based out-of-bounds write has been found in Squid before 4.11 or 5.0.2, where a crafted ESI response sent from an upstream server can truncate...
CVE-2019-12519 | AVG-1146 | High | Yes | Arbitrary code execution | A stack-based out-of-bounds write has been found in Squid before 4.11 or 5.0.2, where a crafted ESI response sent from an upstream server can overwrite...