Vulnerabilities > Squid Cache > Squid > 4.0.2

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-50269 Uncontrolled Recursion vulnerability in Squid-Cache Squid
Squid is a caching proxy for the Web.
network
low complexity
squid-cache CWE-674
7.5
2023-12-04 CVE-2023-49285 Out-of-bounds Read vulnerability in Squid-Cache Squid
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.
network
low complexity
squid-cache CWE-125
7.5
2023-12-04 CVE-2023-49286 Reachable Assertion vulnerability in Squid-Cache Squid
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.
network
low complexity
squid-cache CWE-617
7.5
2023-12-04 CVE-2023-49288 Use After Free vulnerability in Squid-Cache Squid
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.
network
low complexity
squid-cache CWE-416
7.5
2023-11-06 CVE-2023-46728 NULL Pointer Dereference vulnerability in Squid-Cache Squid
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.
network
low complexity
squid-cache CWE-476
7.5
2023-11-03 CVE-2023-46846 HTTP Request Smuggling vulnerability in multiple products
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
network
low complexity
squid-cache redhat CWE-444
5.3
2023-11-03 CVE-2023-46847 Classic Buffer Overflow vulnerability in multiple products
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
network
low complexity
squid-cache redhat CWE-120
7.5
2023-11-03 CVE-2023-5824 Improper Handling of Exceptional Conditions vulnerability in multiple products
Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.
network
low complexity
squid-cache redhat CWE-755
7.5
2023-11-01 CVE-2023-46724 Improper Certificate Validation vulnerability in Squid-Cache Squid
Squid is a caching proxy for the Web.
network
low complexity
squid-cache CWE-295
7.5
2022-12-25 CVE-2022-41318 Integer Overflow or Wraparound vulnerability in Squid-Cache Squid
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6.
network
low complexity
squid-cache CWE-190
8.6