Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.
6.9AI Score
0.003EPSS
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
6.3AI Score
0.0004EPSS
Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.
6.4AI Score
0.067EPSS
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
6.5AI Score
0.002EPSS