Vulnerabilities > Squid Cache > Squid > 3.2.0.19
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-05-18 | CVE-2015-3455 | Improper Input Validation vulnerability in multiple products Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. | 2.6 |
| 2014-11-26 | CVE-2014-7142 | Improper Input Validation vulnerability in multiple products The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. | 6.4 |
| 2014-11-26 | CVE-2014-7141 | Data Processing Errors vulnerability in Squid-Cache Squid The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet. | 6.4 |
| 2014-09-12 | CVE-2014-6270 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow. | 6.8 |
| 2014-09-11 | CVE-2014-3609 | Improper Input Validation vulnerability in Squid-Cache Squid HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values." | 5.0 |
| 2014-04-14 | CVE-2014-0128 | Improper Input Validation vulnerability in multiple products Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management. | 5.0 |
| 2013-09-30 | CVE-2013-1839 | Improper Input Validation vulnerability in Squid-Cache Squid The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header. | 7.8 |
| 2013-09-16 | CVE-2013-4123 | Improper Input Validation vulnerability in multiple products client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. | 5.0 |