squid (SUSE:Linux Enterprise Server 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP5 package squid, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (43)
CVE-2020-15049 — CVSS 9.9 (critical): An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning…
CVE-2019-12526 — CVSS 9.8 (critical): An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data…
CVE-2019-12519 — CVSS 9.8 (critical): An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This…
CVE-2020-11945 — CVSS 9.8 (critical): An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to…
CVE-2023-46846 — CVSS 9.3 (critical): SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response…
CVE-2019-12523 — CVSS 9.1 (critical): An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't…
CVE-2023-46848 — CVSS 8.6 (high): Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or…
CVE-2024-25111 — CVSS 8.6 (high): Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack…
CVE-2023-50269 — CVSS 8.6 (high): Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9…
CVE-2023-49286 — CVSS 8.6 (high): Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is…
CVE-2022-41318 — CVSS 8.6 (high): A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB…
CVE-2023-46724 — CVSS 8.6 (high): Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0…
CVE-2023-49285 — CVSS 8.6 (high): Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of…
CVE-2020-24606 — CVSS 8.6 (high): Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during…
CVE-2020-25097 — CVSS 8.6 (high): An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to…
CVE-2023-46847 — CVSS 8.6 (high): Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary…
CVE-2023-46728 — CVSS 7.5 (high): Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a…
CVE-2021-28651 — CVSS 7.5 (high): An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When…
CVE-2020-8449 — CVSS 7.5 (high): An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways…
CVE-2019-18676 — CVSS 7.5 (high): An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can…
CVE-2020-8517 — CVSS 7.5 (high): An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in…
CVE-2019-12528 — CVSS 7.5 (high): An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap…
CVE-2019-18679 — CVSS 7.5 (high): An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information…
CVE-2020-8450 — CVSS 7.3 (high): An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid…
CVE-2021-33620 — CVSS 6.5 (medium): Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an…
CVE-2020-14059 — CVSS 6.5 (medium): An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing…
CVE-2020-15810 — CVSS 6.5 (medium): An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may…
CVE-2020-15811 — CVSS 6.5 (medium): An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may…
CVE-2021-28662 — CVSS 6.5 (medium): An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or…
CVE-2021-31806 — CVSS 6.5 (medium): An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service…
CVE-2021-46784 — CVSS 6.5 (medium): In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when…
CVE-2022-41317 — CVSS 6.5 (medium): An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be…
CVE-2024-23638 — CVSS 6.5 (medium): Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of…
CVE-2024-37894 — CVSS 6.3 (medium): Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI…
CVE-2019-18860 — CVSS 6.1 (medium): Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
CVE-2019-18677 — CVSS 6.1 (medium): An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not…
CVE-2019-12521 — CVSS 5.9 (medium): An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a…
CVE-2019-18678 — CVSS 5.3 (medium): An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid…
CVE-2024-25617 — CVSS 5.3 (medium): Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug…
CVE-2021-28652 — CVSS 4.9 (medium): An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack…
CVE-2021-28116 — CVSS 3.7 (low): Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP…
CVE-2024-33427: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation…