The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Squid

cybersecurity threat CVE-2019-12854

Squid: out-of-bounds memory reading via cachemgr.cgi

Synthesis of the vulnerability

An attacker can force a read at an invalid address via cachemgr.cgi of Squid, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 15/07/2019.
Identifiers: CERTFR-2019-AVI-332, CVE-2019-12854, DSA-4507-1, SQUID-2019:1, SUSE-SU-2019:2975-1, VIGILANCE-VUL-29769.

computer weakness announce CVE-2019-12529

Squid: information disclosure via Basic Authentication uudecode

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Basic Authentication uudecode of Squid, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 12/07/2019.
Identifiers: CERTFR-2019-AVI-332, CVE-2019-12529, DLA-1858-1, DSA-4507-1, SQUID-2019:2, SUSE-SU-2019:2089-1, SUSE-SU-2019:2975-1, USN-4065-1, USN-4065-2, VIGILANCE-VUL-29762.

cybersecurity alert CVE-2019-12525

Squid: integer overflow via Digest Authentication Single Quote

Synthesis of the vulnerability

An attacker can trigger an integer overflow via Digest Authentication Single Quote of Squid, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 12/07/2019.
Identifiers: CERTFR-2019-AVI-332, CVE-2019-12525, DLA-1858-1, DSA-4507-1, SQUID-2019:3, SUSE-SU-2019:2089-1, SUSE-SU-2019:2975-1, USN-4065-1, USN-4065-2, VIGILANCE-VUL-29760.

security vulnerability CVE-2019-13345

Squid: Cross Site Scripting via cachemgr.cgi

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via cachemgr.cgi of Squid, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 08/07/2019.
Identifiers: 4957, CERTFR-2019-AVI-332, CVE-2019-13345, DLA-1847-1, DSA-4507-1, openSUSE-SU-2019:1963-1, RHSA-2019:3476-01, SQUID-2019:6, SUSE-SU-2019:2089-1, SUSE-SU-2019:2092-1, SUSE-SU-2019:2975-1, USN-4059-1, USN-4059-2, VIGILANCE-VUL-29702.

security vulnerability 27634

Squid cache: denial of service via SNMP

Synthesis of the vulnerability

An attacker can send malicious SNMP packets to Squid cache, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 29/10/2018.
Identifiers: CERTFR-2018-AVI-518, SQUID-2018:5, VIGILANCE-VUL-27634.

threat alert CVE-2018-19131 CVE-2018-19132

Squid cache: Cross Site Scripting via TLS Errors

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via TLS Errors of Squid cache, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 29/10/2018.
Identifiers: bulletinoct2018, CERTFR-2018-AVI-518, CVE-2018-19131, CVE-2018-19132, DLA-1596-1, FEDORA-2018-714298460e, openSUSE-SU-2018:3818-1, openSUSE-SU-2018:3825-1, SQUID-2018:4, SUSE-SU-2018:3771-1, SUSE-SU-2018:3771-2, SUSE-SU-2018:3786-1, SUSE-SU-2018:3790-1, USN-4059-1, USN-4059-2, VIGILANCE-VUL-27633.

Description of the vulnerability

The Squid cache product offers a web service.

However, it does not filter received data via TLS Errors before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via TLS Errors of Squid cache, in order to run JavaScript code in the context of the web site.

cybersecurity bulletin CVE-2018-1172

Squid cache: denial of service via ESI Response

Synthesis of the vulnerability

An attacker can generate a fatal error via ESI Response of Squid cache, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 18/04/2018.
Identifiers: CERTFR-2018-AVI-192, CVE-2018-1172, openSUSE-SU-2018:1135-1, SQUID-2018:3, SUSE-SU-2018:1365-1, VIGILANCE-VUL-25912, ZDI-18-309.

security note CVE-2018-1000024 CVE-2018-1000027

Squid cache: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of Squid cache, in order to trigger a denial of service.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/01/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-046, CVE-2018-1000024, CVE-2018-1000027, DLA-1266-1, DLA-1267-1, DSA-4122-1, FEDORA-2018-4fabf63492, openSUSE-SU-2018:0647-1, SQUID-2018:1, SQUID-2018:2, USN-3557-1, VIGILANCE-VUL-25134.

security threat CVE-2016-10002 CVE-2016-10003

Squid cache: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Squid cache.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/12/2016.
Identifiers: CERTFR-2016-AVI-422, CVE-2016-10002, CVE-2016-10003, DLA-763-1, DSA-3745-1, FEDORA-2016-c614315d29, openSUSE-SU-2017:0192-1, RHSA-2017:0182-01, RHSA-2017:0183-01, USN-3192-1, VIGILANCE-VUL-21417.

Description of the vulnerability

Several vulnerabilities were announced in Squid cache.

When the configuration directive collapsed_forwarding is enabled, an attacker can request a URL with some specially crafted headers to receive a response that was cached while processing a previous client's request, and thus obtain the response body intended for that client. [severity:3/4; CVE-2016-10003]

An attacker can request a URL with a specially crafted If-None-Modified header to receive a response that was cached while processing a previous client's request, and thus obtain the response body intended for that client, including session cookies and the associated access rights. [severity:3/4; CVE-2016-10002]

threat note CVE-2016-4553 CVE-2016-4554 CVE-2016-4555

Squid: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Squid.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/05/2016.
Identifiers: CERTFR-2016-AVI-157, CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556, DLA-478-1, DLA-556-1, DLA-558-1, DSA-3625-1, FEDORA-2016-95edf19d8a, FEDORA-2016-b3b9407940, openSUSE-SU-2016:2081-1, RHSA-2016:1138-01, RHSA-2016:1139-01, RHSA-2016:1140-01, SQUID-2016:7, SQUID-2016:8, SQUID-2016:9, SUSE-SU-2016:1996-1, SUSE-SU-2016:2089-1, USN-2995-1, VIGILANCE-VUL-19548.

Description of the vulnerability

Several vulnerabilities were announced in Squid.

A script in a client's web browser can poison the cache, in order to deceive other clients. [severity:3/4; CVE-2016-4553, SQUID-2016:7]

A special web client can poison the cache, in order to deceive other clients. [severity:2/4; CVE-2016-4554, SQUID-2016:8]

An attacker can trigger a fatal error in the processing of ESI responses, in order to trigger a denial of service. [severity:2/4; CVE-2016-4555, CVE-2016-4556, SQUID-2016:9]