Vulnerabilities > Squid Cache > Squid > 3.5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2019-12522 | Improper Privilege Management vulnerability in Squid-Cache Squid An issue was discovered in Squid through 4.7. | 4.5 |
| 2020-04-15 | CVE-2019-12521 | Off-by-one Error vulnerability in multiple products An issue was discovered in Squid through 4.7. | 5.9 |
| 2020-03-20 | CVE-2019-18860 | Injection vulnerability in multiple products Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | 6.1 |
| 2020-02-04 | CVE-2019-12528 | An issue was discovered in Squid before 4.10. | 7.5 |
| 2020-02-04 | CVE-2020-8517 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid before 4.10. | 7.5 |
| 2020-02-04 | CVE-2020-8450 | Incorrect Calculation of Buffer Size vulnerability in multiple products An issue was discovered in Squid before 4.10. | 7.3 |
| 2020-02-04 | CVE-2020-8449 | Exposure of Resource to Wrong Sphere vulnerability in multiple products An issue was discovered in Squid before 4.10. | 7.5 |
| 2019-11-26 | CVE-2019-18679 | Information Exposure vulnerability in multiple products An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. | 7.5 |
| 2019-11-26 | CVE-2019-18678 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8. | 5.3 |
| 2019-11-26 | CVE-2019-18677 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). | 6.1 |