High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-04	CVE-2020-8449	Exposure of Resource to Wrong Sphere vulnerability in multiple products An issue was discovered in Squid before 4.10. network low complexity squid-cache debian canonical opensuse fedoraproject CWE-668	7.5
2019-11-26	CVE-2019-18679	Information Exposure vulnerability in multiple products An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. network low complexity squid-cache canonical debian fedoraproject CWE-200	7.5
2019-11-26	CVE-2019-18676	Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8. network low complexity squid-cache canonical fedoraproject debian CWE-787	7.5
2019-08-15	CVE-2019-12854	Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. network low complexity squid-cache debian fedoraproject canonical opensuse	7.5
2019-07-11	CVE-2019-12527	Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid 4.0.23 through 4.7. network low complexity squid-cache fedoraproject debian canonical redhat CWE-787	8.8
2017-01-27	CVE-2016-10003	Incorrect Comparison vulnerability in Squid-Cache Squid Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. network low complexity squid-cache CWE-697	7.5
2016-04-07	CVE-2016-3947	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. network low complexity squid-cache canonical CWE-119	7.5
2013-09-30	CVE-2013-1839	Improper Input Validation vulnerability in Squid-Cache Squid The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header. network low complexity squid-cache CWE-20	7.8
2013-08-09	CVE-2013-4115	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request. network low complexity opensuse squid-cache CWE-119	7.5
2005-05-02	CVE-2005-0211	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter. network low complexity squid-cache debian CWE-119	7.5