Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Squid
(Squid\-Cache)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 100 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-03-09 | CVE-2021-28116 | Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. | Debian_linux, Fedora, Squid | 5.3 | ||
2021-03-19 | CVE-2020-25097 | An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. | Debian_linux, Fedora, Cloud_manager, Squid | 8.6 | ||
2021-05-27 | CVE-2021-28651 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption. | Debian_linux, Fedora, Cloud_manager, Squid | 7.5 | ||
2021-05-27 | CVE-2021-28652 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege. | Debian_linux, Fedora, Squid | 4.9 | ||
2021-05-27 | CVE-2021-28662 | An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic. | Debian_linux, Fedora, Squid | 6.5 | ||
2021-05-27 | CVE-2021-31806 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. | Debian_linux, Fedora, Cloud_manager, Squid | 6.5 | ||
2021-05-27 | CVE-2021-31808 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. | Debian_linux, Fedora, Cloud_manager, Squid | 6.5 | ||
2021-05-28 | CVE-2021-33620 | Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. | Debian_linux, Fedora, Squid | 6.5 | ||
2021-06-08 | CVE-2021-31807 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. | Fedora, Cloud_manager, Squid | 6.5 | ||
2021-10-18 | CVE-2021-41611 | An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services. | Fedora, Squid | 7.5 |