Vulnerabilities > Squid Cache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-11 | CVE-2019-12525 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. | 9.8 |
| 2019-07-05 | CVE-2019-13345 | Cross-site Scripting vulnerability in multiple products The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. | 6.1 |
| 2018-11-09 | CVE-2018-19132 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. | 4.3 |
| 2018-11-09 | CVE-2018-19131 | Cross-site Scripting vulnerability in Squid-Cache Squid Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. | 4.3 |
| 2018-05-16 | CVE-2018-1172 | NULL Pointer Dereference vulnerability in Squid-Cache Squid 3.5.27 This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. | 4.3 |
| 2018-02-09 | CVE-2018-1000027 | NULL Pointer Dereference vulnerability in multiple products The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. | 5.0 |
| 2018-02-09 | CVE-2018-1000024 | The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. | 5.0 |
| 2017-01-27 | CVE-2016-10003 | Incorrect Comparison vulnerability in Squid-Cache Squid Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. | 7.5 |
| 2017-01-27 | CVE-2016-10002 | Information Exposure vulnerability in multiple products Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. | 5.0 |
| 2016-05-10 | CVE-2016-4556 | Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. | 5.0 |