Vulnerabilities > Squid Cache > Squid > 2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-04 | CVE-2020-8449 | Exposure of Resource to Wrong Sphere vulnerability in multiple products An issue was discovered in Squid before 4.10. | 7.5 |
| 2019-11-26 | CVE-2019-18679 | Information Exposure vulnerability in multiple products An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. | 7.5 |
| 2019-11-26 | CVE-2019-18677 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). | 6.1 |
| 2019-07-11 | CVE-2019-12529 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. | 5.9 |
| 2019-07-05 | CVE-2019-13345 | Cross-site Scripting vulnerability in multiple products The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. | 6.1 |
| 2018-11-09 | CVE-2018-19132 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. | 4.3 |
| 2018-11-09 | CVE-2018-19131 | Cross-site Scripting vulnerability in Squid-Cache Squid Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. | 4.3 |
| 2018-02-09 | CVE-2018-1000027 | NULL Pointer Dereference vulnerability in multiple products The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. | 5.0 |
| 2016-05-10 | CVE-2016-4554 | Insufficient Verification of Data Authenticity vulnerability in multiple products mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. | 5.0 |
| 2016-05-10 | CVE-2016-4553 | Insufficient Verification of Data Authenticity vulnerability in multiple products client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. | 5.0 |