Lucene search
K

6125 matches found

Nuclei
Nuclei
added 14 hours ago18 views

Squid Proxy - HTTP Authentication Credentials Disclosure

Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page e.g. ERRDNSFAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...

10CVSS7AI score0.62871EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/25 10:39 p.m.6 views

CVE-2026-47729

A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature. Mitigation When F...

6.5CVSS5.8AI score
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/25 10:38 p.m.6 views

CVE-2026-50012

A flaw was found in Squid. Due to improper input validation, a heap-based buffer overflow can occur when processing cache digests. This issue allows a trusted server to cause a denial of service when sending specially crafted replies to cachedigest request messages. Mitigation To mitigate this...

5.5CVSS6.1AI score
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Squid

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid was vulnerable to out-of-bound reads when handling ICP traffic. This issue allowed a remote attacker to access small amounts of memory that might contain sensitive information, by responding with...

6.9CVSS7AI score0.01039EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Squid

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap use-after-free issues, Squid was vulnerable to Denial of Service attacks when handling ICP traffic. This vulnerability allowed a remote attacker to carry out a reliable and repeatable Denial of Service attack on the Squid...

9.2CVSS7.2AI score0.08942EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Squid

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resources during their expected lifetime and heap Use-After-Free bugs, Squid was vulnerable to Denial of Service attacks when handling ICP traffic. This issue allowed a remote attacker to carry out a reliable...

8.7CVSS7AI score0.08931EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/22 4:29 p.m.20 views

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default...

6.2AI score
Exploits0
Debian
Debian
added 2026/06/21 5:43 p.m.6 views

[SECURITY] [DSA 6360-1] squid security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6360-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 21, 2026 https://www.debian.org/security/faq -...

9.2CVSS5.8AI score0.08942EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.6 views

Debian dsa-6360 : squid - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6360 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6360-1 [email protected] https://www.debian.org/securit...

9.2CVSS5.9AI score0.08942EPSS
Exploits1References10
OSV
OSV
added 2026/06/19 10:42 a.m.8 views

ROOT-OS-DEBIAN-12-CVE-2026-47729 CVE-2026-47729 in rootio-squid - Patched by Root

Root has patched CVE-2026-47729 in the rootio-squid package for Root:Debian:12. Multiple fixed versions available...

5.8AI score
Exploits1
OSV
OSV
added 2026/06/19 10:28 a.m.8 views

ROOT-OS-DEBIAN-13-CVE-2026-47729 CVE-2026-47729 in rootio-squid - Patched by Root

Root has patched CVE-2026-47729 in the rootio-squid package for Root:Debian:13. Multiple fixed versions available...

5.8AI score
Exploits1
OSV
OSV
added 2026/06/19 12:0 a.m.6 views

OPENSUSE-SU-2026:11069-1 squid-7.6-1.1 on GA media

These are all security issues fixed in the squid-7.6-1.1 package on the GA media of openSUSE Tumbleweed...

4CVSS5.9AI score0.00362EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.14 views

Squid < 7.6 Heap-based Buffer Overflow

The version of Squid on the remote host is prior to 7.6. It is, therefore, affected by a heap-based buffer overflow vulnerability: - Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to...

6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.10 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Squid vulnerabilities (USN-8435-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8435-1 advisory. It was discovered that Squid incorrectly handled FTP gateway processing under certain circumstances, which could result i...

6.4AI score
Exploits1References3
Schneier on Security
Schneier on Security
added 2026/06/12 9:5 p.m.13 views

Friday Squid Blogging: Squid-Inspired Fluid Pump

This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.25 views

Linux Distros Unpatched Vulnerability : CVE-2026-47729

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - squid - None Ubuntu Linux - Out-of-bounds Read attack against the FTP gateway CVE-2026-47729 Note that Nessus relies on the presence of the packa...

6.6AI score
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-49606

Name of the Vulnerable Software and Affected Versions squid-cache Squid affected versions not specified Description A heap-based buffer overflow occurs during the processing of cache digests. A heap-based buffer overflow is a memory corruption issue where a program writes more data to a buffer...

6.4AI score
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-50012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to an Improper Input Validation bug, Squid is vulnerable toa Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server t...

6AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.13 views

TencentOS Server 4: squid (TSSA-2026:0346)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0346 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References4
Schneier on Security
Schneier on Security
added 2026/05/29 9:5 p.m.18 views

Friday Squid Blogging: Another Squid

Someone named "Squid" seems to be a "West Country legend." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Rows per page
Query Builder