Vulnerabilities > Squid Cache > Squid > 4.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-26 | CVE-2019-18678 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8. | 5.3 |
| 2019-11-26 | CVE-2019-18677 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). | 6.1 |
| 2019-11-26 | CVE-2019-18676 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8. | 7.5 |
| 2019-11-26 | CVE-2019-12526 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid before 4.9. | 9.8 |
| 2019-11-26 | CVE-2019-12523 | An issue was discovered in Squid before 4.9. | 9.1 |
| 2019-08-15 | CVE-2019-12854 | Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. | 7.5 |
| 2019-07-11 | CVE-2019-12529 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. | 5.9 |
| 2019-07-11 | CVE-2019-12527 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid 4.0.23 through 4.7. | 8.8 |
| 2019-07-11 | CVE-2019-12525 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. | 9.8 |
| 2019-07-05 | CVE-2019-13345 | Cross-site Scripting vulnerability in multiple products The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. | 6.1 |