Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/129554?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "type": "deb", "namespace": "debian", "name": "squid", "version": "4.13-10+deb11u3", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.13-10+deb11u4", "latest_non_vulnerable_version": "7.5-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64300?format=api", "vulnerability_id": "VCID-5tpw-u7cg-hqd7", "summary": "squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33526.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33526.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01395", "scoring_system": "epss", "scoring_elements": "0.80755", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33526" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451574", "reference_id": "2451574", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451574" }, { "reference_url": "https://github.com/squid-cache/squid/commit/8a7d42f9d44befb8fcbbb619505587c8de6a1e91", "reference_id": "8a7d42f9d44befb8fcbbb619505587c8de6a1e91", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:20:32Z/" } ], "url": "https://github.com/squid-cache/squid/commit/8a7d42f9d44befb8fcbbb619505587c8de6a1e91" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-hpfx-h48q-gvwg", "reference_id": "GHSA-hpfx-h48q-gvwg", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:20:32Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-hpfx-h48q-gvwg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10255", "reference_id": "RHSA-2026:10255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10256", "reference_id": "RHSA-2026:10256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10257", "reference_id": "RHSA-2026:10257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11901", "reference_id": "RHSA-2026:11901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20564", "reference_id": "RHSA-2026:20564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20565", "reference_id": "RHSA-2026:20565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20580", "reference_id": "RHSA-2026:20580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6301", "reference_id": "RHSA-2026:6301", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6301" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8119", "reference_id": "RHSA-2026:8119", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8317", "reference_id": "RHSA-2026:8317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8880", "reference_id": "RHSA-2026:8880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9220", "reference_id": "RHSA-2026:9220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9220" }, { "reference_url": "https://usn.ubuntu.com/8157-1/", "reference_id": "USN-8157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33526" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5tpw-u7cg-hqd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91793?format=api", "vulnerability_id": "VCID-7sua-wuyu-cqby", "summary": "squid: Use-After-Free in the HTTP Collapsed Forwarding Feature", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49288.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49288.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49288", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02101", "scoring_system": "epss", "scoring_elements": "0.84402", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49288" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49288", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49288" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252918", "reference_id": "2252918", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252918" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", "reference_id": "A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:35Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5", "reference_id": "GHSA-rj5h-46j6-q2g5", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:35Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", "reference_id": "MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:35Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240119-0006/", "reference_id": "ntap-20240119-0006", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:35Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240119-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7465", "reference_id": "RHSA-2023:7465", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7668", "reference_id": "RHSA-2023:7668", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7668" }, { "reference_url": "https://usn.ubuntu.com/6728-1/", "reference_id": "USN-6728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6728-1/" }, { "reference_url": "https://usn.ubuntu.com/6728-3/", "reference_id": "USN-6728-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6728-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129636?format=api", "purl": "pkg:deb/debian/squid@6.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-49288" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7sua-wuyu-cqby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64304?format=api", "vulnerability_id": "VCID-pshb-b8z8-gqhm", "summary": "Squid: Squid: Information disclosure via improper input validation in ICP traffic", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33515.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33515.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13884", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33515" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/squid-cache/squid/pull/2220", "reference_id": "2220", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T14:19:33Z/" } ], "url": "https://github.com/squid-cache/squid/pull/2220" }, { "reference_url": "https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637", "reference_id": "2220#discussion_r2727683637", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T14:19:33Z/" } ], "url": "https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451581", "reference_id": "2451581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451581" }, { "reference_url": "https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165", "reference_id": "8138e909d2058d4401e0ad49b583afaec912b165", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T14:19:33Z/" } ], "url": "https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c", "reference_id": "GHSA-84p4-hcx7-jj7c", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T14:19:33Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c" }, { "reference_url": "https://usn.ubuntu.com/8157-1/", "reference_id": "USN-8157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33515" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pshb-b8z8-gqhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101455?format=api", "vulnerability_id": "VCID-qyjc-znbd-dub6", "summary": "Windows NTLM V1 Elevation of Privilege Vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-21311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04422", "scoring_system": "epss", "scoring_elements": "0.89233", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-21311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21311" }, { "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311", "reference_id": "CVE-2025-21311", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-14T20:58:33Z/" } ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129657?format=api", "purl": "pkg:deb/debian/squid@7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-21311" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qyjc-znbd-dub6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64305?format=api", "vulnerability_id": "VCID-rv56-tjvg-bbbc", "summary": "Squid: Squid: Denial of Service via crafted ICP traffic", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32748.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32748.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.4348", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32748" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451577", "reference_id": "2451577", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451577" }, { "reference_url": "https://github.com/squid-cache/squid/commit/703e07d25ca6fa11f52d20bf0bb879e22ab7481b", "reference_id": "703e07d25ca6fa11f52d20bf0bb879e22ab7481b", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T14:19:13Z/" } ], "url": "https://github.com/squid-cache/squid/commit/703e07d25ca6fa11f52d20bf0bb879e22ab7481b" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f9p7-3jqg-hhvq", "reference_id": "GHSA-f9p7-3jqg-hhvq", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T14:19:13Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f9p7-3jqg-hhvq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10255", "reference_id": "RHSA-2026:10255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10256", "reference_id": "RHSA-2026:10256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10257", "reference_id": "RHSA-2026:10257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11901", "reference_id": "RHSA-2026:11901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20564", "reference_id": "RHSA-2026:20564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20565", "reference_id": "RHSA-2026:20565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20580", "reference_id": "RHSA-2026:20580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6301", "reference_id": "RHSA-2026:6301", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6301" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8119", "reference_id": "RHSA-2026:8119", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8317", "reference_id": "RHSA-2026:8317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8880", "reference_id": "RHSA-2026:8880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9220", "reference_id": "RHSA-2026:9220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9220" }, { "reference_url": "https://usn.ubuntu.com/8157-1/", "reference_id": "USN-8157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-32748" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rv56-tjvg-bbbc" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5477?format=api", "vulnerability_id": "VCID-1krf-hhrn-tfdd", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31806.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31806.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31806", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.85178", "scoring_system": "epss", "scoring_elements": "0.99372", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.85178", "scoring_system": "epss", "scoring_elements": "0.99374", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962595", "reference_id": "1962595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962595" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989043", "reference_id": "989043", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989043" }, { "reference_url": "https://security.archlinux.org/AVG-1975", "reference_id": "AVG-1975", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1975" }, { "reference_url": "https://security.gentoo.org/glsa/202105-14", "reference_id": "GLSA-202105-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4292", "reference_id": "RHSA-2021:4292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4292" }, { "reference_url": "https://usn.ubuntu.com/4981-1/", "reference_id": "USN-4981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4981-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129623?format=api", "purl": "pkg:deb/debian/squid@4.13-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-31806" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1krf-hhrn-tfdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101441?format=api", "vulnerability_id": "VCID-1qpe-g66r-r7d5", "summary": "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15810.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15810.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15810", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35927", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36022", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15811", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15811" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24606" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871700", "reference_id": "1871700", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871700" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968934", "reference_id": "968934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3623", "reference_id": "RHSA-2020:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4082", "reference_id": "RHSA-2020:4082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "reference_url": "https://usn.ubuntu.com/4477-1/", "reference_id": "USN-4477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4477-1/" }, { "reference_url": "https://usn.ubuntu.com/4551-1/", "reference_id": "USN-4551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129616?format=api", "purl": "pkg:deb/debian/squid@4.13-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15810" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qpe-g66r-r7d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101338?format=api", "vulnerability_id": "VCID-1r8b-ykhg-9bar", "summary": "Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82901", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82928", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0735" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2002-0735" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1r8b-ykhg-9bar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101354?format=api", "vulnerability_id": "VCID-1xuh-awaq-rybw", "summary": "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0173.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0173.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01691", "scoring_system": "epss", "scoring_elements": "0.82578", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01691", "scoring_system": "epss", "scoring_elements": "0.82605", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0173" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0173", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0173" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617478", "reference_id": "1617478", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:060", "reference_id": "RHSA-2005:060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:061", "reference_id": "RHSA-2005:061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:061" }, { "reference_url": "https://usn.ubuntu.com/77-1/", "reference_id": "USN-77-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/77-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129569?format=api", "purl": "pkg:deb/debian/squid@2.5.7-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.7-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0173" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xuh-awaq-rybw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101376?format=api", "vulnerability_id": "VCID-21hf-pjhc-gkek", "summary": "The \"cache update reply processing\" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6239.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6239.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08998", "scoring_system": "epss", "scoring_elements": "0.92766", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08998", "scoring_system": "epss", "scoring_elements": "0.92779", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=410181", "reference_id": "410181", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=410181" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455910", "reference_id": "455910", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455910" }, { "reference_url": "https://security.gentoo.org/glsa/200801-05", "reference_id": "GLSA-200801-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200801-05" }, { "reference_url": "https://security.gentoo.org/glsa/200903-38", "reference_id": "GLSA-200903-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200903-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1130", "reference_id": "RHSA-2007:1130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1130" }, { "reference_url": "https://usn.ubuntu.com/565-1/", "reference_id": "USN-565-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/565-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129585?format=api", "purl": "pkg:deb/debian/squid@2.6.17-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.6.17-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-6239" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-21hf-pjhc-gkek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101412?format=api", "vulnerability_id": "VCID-2fq8-mupa-gfc9", "summary": "Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4054.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4054.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.79915", "scoring_system": "epss", "scoring_elements": "0.99128", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.79915", "scoring_system": "epss", "scoring_elements": "0.99129", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329136", "reference_id": "1329136", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329136" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1138", "reference_id": "RHSA-2016:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1139", "reference_id": "RHSA-2016:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1140", "reference_id": "RHSA-2016:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1140" }, { "reference_url": "https://usn.ubuntu.com/2995-1/", "reference_id": "USN-2995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2995-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4054" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2fq8-mupa-gfc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101448?format=api", "vulnerability_id": "VCID-2wzr-qudp-a7ff", "summary": "An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8517.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74874", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74903", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798545", "reference_id": "1798545", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798545" }, { "reference_url": "https://security.gentoo.org/glsa/202003-34", "reference_id": "GLSA-202003-34", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-34" }, { "reference_url": "https://usn.ubuntu.com/4289-1/", "reference_id": "USN-4289-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4289-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129609?format=api", "purl": "pkg:deb/debian/squid@4.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8517" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2wzr-qudp-a7ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90948?format=api", "vulnerability_id": "VCID-2x42-wmes-2uen", "summary": "squid: Denial of Service in HTTP Chunked Decoding", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25111.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25111.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03051", "scoring_system": "epss", "scoring_elements": "0.86967", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268366", "reference_id": "2268366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268366" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/", "reference_id": "7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-25T16:32:12Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc", "reference_id": "GHSA-72c2-c3wm-8qxc", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-25T16:32:12Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0001/", "reference_id": "ntap-20240605-0001", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-25T16:32:12Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1375", "reference_id": "RHSA-2024:1375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1376", "reference_id": "RHSA-2024:1376", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1376" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1479", "reference_id": "RHSA-2024:1479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1515", "reference_id": "RHSA-2024:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1832", "reference_id": "RHSA-2024:1832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1833", "reference_id": "RHSA-2024:1833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2777", "reference_id": "RHSA-2024:2777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2822", "reference_id": "RHSA-2024:2822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2822" }, { "reference_url": "http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch", "reference_id": "SQUID-2024_1.patch", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-25T16:32:12Z/" } ], "url": "http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch" }, { "reference_url": "https://usn.ubuntu.com/6728-1/", "reference_id": "USN-6728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6728-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/", "reference_id": "XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-25T16:32:12Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129652?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129632?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129653?format=api", "purl": "pkg:deb/debian/squid@6.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-25111" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2x42-wmes-2uen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101410?format=api", "vulnerability_id": "VCID-2zct-5w44-gkag", "summary": "Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4053.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4053.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16544", "scoring_system": "epss", "scoring_elements": "0.95028", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.16544", "scoring_system": "epss", "scoring_elements": "0.95037", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329136", "reference_id": "1329136", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329136" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1138", "reference_id": "RHSA-2016:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1139", "reference_id": "RHSA-2016:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1140", "reference_id": "RHSA-2016:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1140" }, { "reference_url": "https://usn.ubuntu.com/2995-1/", "reference_id": "USN-2995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2995-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4053" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2zct-5w44-gkag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101333?format=api", "vulnerability_id": "VCID-39fn-vfvp-j3gp", "summary": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-0713.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-0713.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80354", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80379", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0713" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616800", "reference_id": "1616800", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:051", "reference_id": "RHSA-2002:051", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:130", "reference_id": "RHSA-2002:130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:130" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129557?format=api", "purl": "pkg:deb/debian/squid@2.4.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.4.6-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2002-0713" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39fn-vfvp-j3gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101364?format=api", "vulnerability_id": "VCID-3c8n-ttbh-5yhm", "summary": "Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1345.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1345.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-1345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40973", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41049", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-1345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1345" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617631", "reference_id": "1617631", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:415", "reference_id": "RHSA-2005:415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:415" }, { "reference_url": "https://usn.ubuntu.com/122-1/", "reference_id": "USN-122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/122-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129576?format=api", "purl": "pkg:deb/debian/squid@2.5.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-1345" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3c8n-ttbh-5yhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101386?format=api", "vulnerability_id": "VCID-3nbz-gtse-vfcz", "summary": "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3205.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3205.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.74962", "scoring_system": "epss", "scoring_elements": "0.98889", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.74962", "scoring_system": "epss", "scoring_elements": "0.98892", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3205" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=734583", "reference_id": "734583", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=734583" }, { "reference_url": "https://security.gentoo.org/glsa/201110-24", "reference_id": "GLSA-201110-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201110-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1293", "reference_id": "RHSA-2011:1293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1293" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-3205" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nbz-gtse-vfcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101355?format=api", "vulnerability_id": "VCID-3nc4-d8r8-w7gr", "summary": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0174.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0174.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83332", "scoring_system": "epss", "scoring_elements": "0.99288", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.83332", "scoring_system": "epss", "scoring_elements": "0.99289", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0174" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617479", "reference_id": "1617479", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:060", "reference_id": "RHSA-2005:060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:061", "reference_id": "RHSA-2005:061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:061" }, { "reference_url": "https://usn.ubuntu.com/77-1/", "reference_id": "USN-77-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/77-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129570?format=api", "purl": "pkg:deb/debian/squid@2.5.7-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.7-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0174" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nc4-d8r8-w7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101335?format=api", "vulnerability_id": "VCID-3tg2-re6y-g7gm", "summary": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-0715.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-0715.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.613", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61348", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0715" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616802", "reference_id": "1616802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:051", "reference_id": "RHSA-2002:051", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:130", "reference_id": "RHSA-2002:130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:130" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129557?format=api", "purl": "pkg:deb/debian/squid@2.4.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.4.6-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2002-0715" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tg2-re6y-g7gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101357?format=api", "vulnerability_id": "VCID-3uxw-bjux-kkad", "summary": "Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71409", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71453", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0194" }, { "reference_url": "https://usn.ubuntu.com/84-1/", "reference_id": "USN-84-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/84-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129571?format=api", "purl": "pkg:deb/debian/squid@2.5.7-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.7-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0194" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3uxw-bjux-kkad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101409?format=api", "vulnerability_id": "VCID-4238-kt68-byew", "summary": "Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4052.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4052.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23622", "scoring_system": "epss", "scoring_elements": "0.96087", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.23622", "scoring_system": "epss", "scoring_elements": "0.96092", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329136", "reference_id": "1329136", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329136" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1138", "reference_id": "RHSA-2016:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1139", "reference_id": "RHSA-2016:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1140", "reference_id": "RHSA-2016:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1140" }, { "reference_url": "https://usn.ubuntu.com/2995-1/", "reference_id": "USN-2995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2995-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4052" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4238-kt68-byew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3981?format=api", "vulnerability_id": "VCID-43hy-vgzs-e7ek", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12519.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12519.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07536", "scoring_system": "epss", "scoring_elements": "0.91959", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07536", "scoring_system": "epss", "scoring_elements": "0.91972", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827552", "reference_id": "1827552", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827552" }, { "reference_url": "https://security.archlinux.org/AVG-1146", "reference_id": "AVG-1146", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1146" }, { "reference_url": "https://security.gentoo.org/glsa/202005-05", "reference_id": "GLSA-202005-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202005-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2038", "reference_id": "RHSA-2020:2038", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2038" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2039", "reference_id": "RHSA-2020:2039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2039" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2040", "reference_id": "RHSA-2020:2040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2041", "reference_id": "RHSA-2020:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2041" }, { "reference_url": "https://usn.ubuntu.com/4356-1/", "reference_id": "USN-4356-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4356-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129603?format=api", "purl": "pkg:deb/debian/squid@4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12519" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43hy-vgzs-e7ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101419?format=api", "vulnerability_id": "VCID-482d-pvjx-aya1", "summary": "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1172.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1172.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08729", "scoring_system": "epss", "scoring_elements": "0.92643", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08729", "scoring_system": "epss", "scoring_elements": "0.92655", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1172" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1172", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1172" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569424", "reference_id": "1569424", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569424" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1172" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-482d-pvjx-aya1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101446?format=api", "vulnerability_id": "VCID-4yrg-ns3w-77af", "summary": "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8450.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8450.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.46309", "scoring_system": "epss", "scoring_elements": "0.97713", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.46309", "scoring_system": "epss", "scoring_elements": "0.97717", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798552", "reference_id": "1798552", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798552" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950802", "reference_id": "950802", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950802" }, { "reference_url": "https://security.gentoo.org/glsa/202003-34", "reference_id": "GLSA-202003-34", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4082", "reference_id": "RHSA-2020:4082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4289-1/", "reference_id": "USN-4289-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4289-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129609?format=api", "purl": "pkg:deb/debian/squid@4.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8450" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yrg-ns3w-77af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101358?format=api", "vulnerability_id": "VCID-53jt-gwr4-8kgt", "summary": "Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0211.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.45323", "scoring_system": "epss", "scoring_elements": "0.97669", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.45323", "scoring_system": "epss", "scoring_elements": "0.97673", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0211" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617498", "reference_id": "1617498", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:060", "reference_id": "RHSA-2005:060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:061", "reference_id": "RHSA-2005:061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:061" }, { "reference_url": "https://usn.ubuntu.com/77-1/", "reference_id": "USN-77-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/77-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129570?format=api", "purl": "pkg:deb/debian/squid@2.5.7-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.7-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0211" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53jt-gwr4-8kgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101398?format=api", "vulnerability_id": "VCID-542u-f6fr-8uee", "summary": "CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0881.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0881.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04383", "scoring_system": "epss", "scoring_elements": "0.89167", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04383", "scoring_system": "epss", "scoring_elements": "0.89184", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0881" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0881", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0881" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199518", "reference_id": "1199518", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199518" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-0881" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-542u-f6fr-8uee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101382?format=api", "vulnerability_id": "VCID-5acx-thb8-vfdn", "summary": "The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2855.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2855.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.60658", "scoring_system": "epss", "scoring_elements": "0.98317", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.60658", "scoring_system": "epss", "scoring_elements": "0.9832", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2855" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=518182", "reference_id": "518182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=518182" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982", "reference_id": "534982", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982" }, { "reference_url": "https://security.gentoo.org/glsa/201110-24", "reference_id": "GLSA-201110-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201110-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0221", "reference_id": "RHSA-2010:0221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0221" }, { "reference_url": "https://usn.ubuntu.com/901-1/", "reference_id": "USN-901-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/901-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129590?format=api", "purl": "pkg:deb/debian/squid@2.7.STABLE7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.7.STABLE7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-2855" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5acx-thb8-vfdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101400?format=api", "vulnerability_id": "VCID-5f1a-x42j-eqhg", "summary": "Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5400.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5400.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24696", "scoring_system": "epss", "scoring_elements": "0.96242", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.24696", "scoring_system": "epss", "scoring_elements": "0.96247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5400" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1240741", "reference_id": "1240741", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1240741" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5400" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5f1a-x42j-eqhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3185?format=api", "vulnerability_id": "VCID-5shc-4uzx-5yf8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41318.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41318.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41318", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33946", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33843", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41318" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41318", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41318" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020586", "reference_id": "1020586", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020586" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2022/09/23/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:15:32Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2022/09/23/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129771", "reference_id": "2129771", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129771" }, { "reference_url": "https://security.archlinux.org/AVG-2816", "reference_id": "AVG-2816", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2816" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78", "reference_id": "GHSA-394c-rr7q-6g78", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:15:32Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6774", "reference_id": "RHSA-2022:6774", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6774" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6775", "reference_id": "RHSA-2022:6775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6776", "reference_id": "RHSA-2022:6776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6777", "reference_id": "RHSA-2022:6777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6815", "reference_id": "RHSA-2022:6815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6839", "reference_id": "RHSA-2022:6839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6839" }, { "reference_url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch", "reference_id": "SQUID-2022_2.patch", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:15:32Z/" } ], "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch" }, { "reference_url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch", "reference_id": "SQUID-2022_2.patch", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:15:32Z/" } ], "url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch" }, { "reference_url": "https://usn.ubuntu.com/5641-1/", "reference_id": "USN-5641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5641-1/" }, { "reference_url": "https://usn.ubuntu.com/6857-1/", "reference_id": "USN-6857-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6857-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129629?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129628?format=api", "purl": "pkg:deb/debian/squid@5.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-41318" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5shc-4uzx-5yf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101373?format=api", "vulnerability_id": "VCID-6cdq-k5s3-byaz", "summary": "The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0248.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0248.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-0248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52625", "scoring_system": "epss", "scoring_elements": "0.97993", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.52625", "scoring_system": "epss", "scoring_elements": "0.97996", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-0248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0248" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407202", "reference_id": "407202", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407202" }, { "reference_url": "https://security.gentoo.org/glsa/200701-22", "reference_id": "GLSA-200701-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200701-22" }, { "reference_url": "https://usn.ubuntu.com/414-1/", "reference_id": "USN-414-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/414-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129582?format=api", "purl": "pkg:deb/debian/squid@2.6.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.6.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-0248" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cdq-k5s3-byaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101438?format=api", "vulnerability_id": "VCID-6hvn-6cuu-duc1", "summary": "An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14058.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68129", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68169", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14058" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852554", "reference_id": "1852554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129615?format=api", "purl": "pkg:deb/debian/squid@4.12-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.12-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14058" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hvn-6cuu-duc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101439?format=api", "vulnerability_id": "VCID-6nqw-htvj-gyff", "summary": "An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14059.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03424", "scoring_system": "epss", "scoring_elements": "0.87676", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03424", "scoring_system": "epss", "scoring_elements": "0.87697", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14059" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852558", "reference_id": "1852558", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852558" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14059" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6nqw-htvj-gyff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101367?format=api", "vulnerability_id": "VCID-6rbp-pb6j-pbe5", "summary": "The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2796.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2796.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15104", "scoring_system": "epss", "scoring_elements": "0.94714", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15104", "scoring_system": "epss", "scoring_elements": "0.94723", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2796" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617755", "reference_id": "1617755", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617755" }, { "reference_url": "https://security.gentoo.org/glsa/200509-06", "reference_id": "GLSA-200509-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200509-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:766", "reference_id": "RHSA-2005:766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:766" }, { "reference_url": "https://usn.ubuntu.com/183-1/", "reference_id": "USN-183-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/183-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129579?format=api", "purl": "pkg:deb/debian/squid@2.5.10-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.10-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-2796" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6rbp-pb6j-pbe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101442?format=api", "vulnerability_id": "VCID-6tsh-kmnv-nudz", "summary": "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15811.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15811.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15811", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.39992", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40074", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15811" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15811", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15811" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24606" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871702", "reference_id": "1871702", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871702" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968932", "reference_id": "968932", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3623", "reference_id": "RHSA-2020:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4082", "reference_id": "RHSA-2020:4082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "reference_url": "https://usn.ubuntu.com/4477-1/", "reference_id": "USN-4477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4477-1/" }, { "reference_url": "https://usn.ubuntu.com/4551-1/", "reference_id": "USN-4551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129616?format=api", "purl": "pkg:deb/debian/squid@4.13-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15811" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6tsh-kmnv-nudz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5476?format=api", "vulnerability_id": "VCID-761q-x6eb-uyh7", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31807.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31807.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31807", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33712", "scoring_system": "epss", "scoring_elements": "0.97039", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.33712", "scoring_system": "epss", "scoring_elements": "0.97043", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962597", "reference_id": "1962597", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962597" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989043", "reference_id": "989043", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989043" }, { "reference_url": "https://security.archlinux.org/AVG-1975", "reference_id": "AVG-1975", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1975" }, { "reference_url": "https://security.gentoo.org/glsa/202105-14", "reference_id": "GLSA-202105-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4292", "reference_id": "RHSA-2021:4292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4292" }, { "reference_url": "https://usn.ubuntu.com/4981-1/", "reference_id": "USN-4981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4981-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129623?format=api", "purl": "pkg:deb/debian/squid@4.13-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-31807" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-761q-x6eb-uyh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101433?format=api", "vulnerability_id": "VCID-78bd-cscn-qqfv", "summary": "The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13345.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13345.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.41512", "scoring_system": "epss", "scoring_elements": "0.97485", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.41512", "scoring_system": "epss", "scoring_elements": "0.97491", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12525", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12525" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1727744", "reference_id": "1727744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1727744" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931478", "reference_id": "931478", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3476", "reference_id": "RHSA-2019:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1068", "reference_id": "RHSA-2020:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1068" }, { "reference_url": "https://usn.ubuntu.com/4059-1/", "reference_id": "USN-4059-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4059-1/" }, { "reference_url": "https://usn.ubuntu.com/4059-2/", "reference_id": "USN-4059-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4059-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129604?format=api", "purl": "pkg:deb/debian/squid@4.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13345" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-78bd-cscn-qqfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5475?format=api", "vulnerability_id": "VCID-7d68-mydh-57cm", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31808.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31808.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31808", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56255", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.5631", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962599", "reference_id": "1962599", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962599" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989043", "reference_id": "989043", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989043" }, { "reference_url": "https://security.archlinux.org/AVG-1975", "reference_id": "AVG-1975", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1975" }, { "reference_url": "https://security.gentoo.org/glsa/202105-14", "reference_id": "GLSA-202105-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4292", "reference_id": "RHSA-2021:4292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4292" }, { "reference_url": "https://usn.ubuntu.com/4981-1/", "reference_id": "USN-4981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4981-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129623?format=api", "purl": "pkg:deb/debian/squid@4.13-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-31808" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7d68-mydh-57cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101378?format=api", "vulnerability_id": "VCID-7t4c-w47k-qyc9", "summary": "Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0478.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0478.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.77052", "scoring_system": "epss", "scoring_elements": "0.98984", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.77052", "scoring_system": "epss", "scoring_elements": "0.98985", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246", "reference_id": "484246", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514142", "reference_id": "514142", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514142" }, { "reference_url": "https://security.gentoo.org/glsa/200903-38", "reference_id": "GLSA-200903-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200903-38" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8021.pl", "reference_id": "OSVDB-51810;CVE-2009-0478", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8021.pl" }, { "reference_url": "https://usn.ubuntu.com/724-1/", "reference_id": "USN-724-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/724-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129587?format=api", "purl": "pkg:deb/debian/squid@2.7.STABLE3-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.7.STABLE3-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-0478" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7t4c-w47k-qyc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92199?format=api", "vulnerability_id": "VCID-7vbt-133y-wkge", "summary": "squid: Denial of Service in HTTP Digest Authentication", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46847.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46847.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46847", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38209", "scoring_system": "epss", "scoring_elements": "0.97314", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055250", "reference_id": "1055250", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055250" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245916", "reference_id": "2245916", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6266", "reference_id": "RHSA-2023:6266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6267", "reference_id": "RHSA-2023:6267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6268", "reference_id": "RHSA-2023:6268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6748", "reference_id": "RHSA-2023:6748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6801", "reference_id": "RHSA-2023:6801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6803", "reference_id": "RHSA-2023:6803", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6803" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6804", "reference_id": "RHSA-2023:6804", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6804" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6805", "reference_id": "RHSA-2023:6805", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6805" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6810", "reference_id": "RHSA-2023:6810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6882", "reference_id": "RHSA-2023:6882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6884", "reference_id": "RHSA-2023:6884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7213", "reference_id": "RHSA-2023:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7576", "reference_id": "RHSA-2023:7576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7578", "reference_id": "RHSA-2023:7578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7578" }, { "reference_url": "https://usn.ubuntu.com/6500-1/", "reference_id": "USN-6500-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6500-1/" }, { "reference_url": "https://usn.ubuntu.com/6500-2/", "reference_id": "USN-6500-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6500-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129632?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129633?format=api", "purl": "pkg:deb/debian/squid@6.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-46847" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vbt-133y-wkge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93605?format=api", "vulnerability_id": "VCID-7xgk-cg81-yyht", "summary": "squid: NULL pointer dereference in the gopher protocol code", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46728.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46728.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02262", "scoring_system": "epss", "scoring_elements": "0.8495", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46728" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46728", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46728" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248521", "reference_id": "2248521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248521" }, { "reference_url": "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3", "reference_id": "6ea12e8fb590ac6959e9356a81aa3370576568c3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:14:28Z/" } ], "url": "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", "reference_id": "A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:14:28Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f", "reference_id": "GHSA-cg5h-v6vc-w33f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:14:28Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", "reference_id": "MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:14:28Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231214-0006/", "reference_id": "ntap-20231214-0006", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:14:28Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231214-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0046", "reference_id": "RHSA-2024:0046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0071", "reference_id": "RHSA-2024:0071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0072", "reference_id": "RHSA-2024:0072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0397", "reference_id": "RHSA-2024:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0771", "reference_id": "RHSA-2024:0771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0772", "reference_id": "RHSA-2024:0772", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0773", "reference_id": "RHSA-2024:0773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1153", "reference_id": "RHSA-2024:1153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1787", "reference_id": "RHSA-2024:1787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1787" }, { "reference_url": "https://usn.ubuntu.com/6500-1/", "reference_id": "USN-6500-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6500-1/" }, { "reference_url": "https://usn.ubuntu.com/6500-2/", "reference_id": "USN-6500-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6500-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129635?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129636?format=api", "purl": "pkg:deb/debian/squid@6.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-46728" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xgk-cg81-yyht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101444?format=api", "vulnerability_id": "VCID-84wx-quwx-p3gr", "summary": "An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25097.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25097.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69366", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69405", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25097" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939925", "reference_id": "1939925", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939925" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985068", "reference_id": "985068", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985068" }, { "reference_url": "https://security.gentoo.org/glsa/202105-14", "reference_id": "GLSA-202105-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1135", "reference_id": "RHSA-2021:1135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1979", "reference_id": "RHSA-2021:1979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2025", "reference_id": "RHSA-2021:2025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2025" }, { "reference_url": "https://usn.ubuntu.com/4895-1/", "reference_id": "USN-4895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4895-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129617?format=api", "purl": "pkg:deb/debian/squid@4.13-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-25097" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84wx-quwx-p3gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4090?format=api", "vulnerability_id": "VCID-8e4d-y6um-pfan", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18678.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18678.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12526", "scoring_system": "epss", "scoring_elements": "0.94066", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12526", "scoring_system": "epss", "scoring_elements": "0.94074", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770349", "reference_id": "1770349", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770349" }, { "reference_url": "https://security.archlinux.org/ASA-201911-8", "reference_id": "ASA-201911-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201911-8" }, { "reference_url": "https://security.archlinux.org/AVG-1062", "reference_id": "AVG-1062", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1062" }, { "reference_url": "https://security.gentoo.org/glsa/202003-34", "reference_id": "GLSA-202003-34", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4213-1/", "reference_id": "USN-4213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4213-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129606?format=api", "purl": "pkg:deb/debian/squid@4.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-18678" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8e4d-y6um-pfan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101388?format=api", "vulnerability_id": "VCID-8rur-rbfr-gubm", "summary": "cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0189.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0189.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.69682", "scoring_system": "epss", "scoring_elements": "0.98679", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.69682", "scoring_system": "epss", "scoring_elements": "0.9868", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0189" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=895972", "reference_id": "895972", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895972" }, { "reference_url": "https://security.gentoo.org/glsa/201309-22", "reference_id": "GLSA-201309-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-22" }, { "reference_url": "https://usn.ubuntu.com/1713-1/", "reference_id": "USN-1713-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1713-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129592?format=api", "purl": "pkg:deb/debian/squid@2.7.STABLE9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.7.STABLE9-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0189" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8rur-rbfr-gubm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101359?format=api", "vulnerability_id": "VCID-966y-hxyz-h7ca", "summary": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0241.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0241.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86221", "scoring_system": "epss", "scoring_elements": "0.99416", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.86221", "scoring_system": "epss", "scoring_elements": "0.99417", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0241" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617504", "reference_id": "1617504", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617504" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:060", "reference_id": "RHSA-2005:060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:061", "reference_id": "RHSA-2005:061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:061" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129571?format=api", "purl": "pkg:deb/debian/squid@2.5.7-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.7-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0241" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-966y-hxyz-h7ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101393?format=api", "vulnerability_id": "VCID-a579-pajq-hffz", "summary": "Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6270.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6270.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6270", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18201", "scoring_system": "epss", "scoring_elements": "0.95318", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.18201", "scoring_system": "epss", "scoring_elements": "0.95326", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6270" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139967", "reference_id": "1139967", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139967" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://usn.ubuntu.com/2921-1/", "reference_id": "USN-2921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-6270" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a579-pajq-hffz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101380?format=api", "vulnerability_id": "VCID-b44k-k14j-ube8", "summary": "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce \"buffer limits and related bound checks,\" which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2621.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2621.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2621", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23562", "scoring_system": "epss", "scoring_elements": "0.96081", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.23562", "scoring_system": "epss", "scoring_elements": "0.96086", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2621" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=514013", "reference_id": "514013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514013" }, { "reference_url": "https://security.gentoo.org/glsa/201110-24", "reference_id": "GLSA-201110-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201110-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-2621" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b44k-k14j-ube8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77605?format=api", "vulnerability_id": "VCID-b4wm-kgwv-nkhj", "summary": "squid-cache: Squid Buffer Overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54574.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54574.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54574", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0932", "scoring_system": "epss", "scoring_elements": "0.9292", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54574" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386026", "reference_id": "2386026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386026" }, { "reference_url": "https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988", "reference_id": "a27bf4b84da23594150c7a86a23435df0b35b988", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-01T18:43:36Z/" } ], "url": "https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3", "reference_id": "GHSA-w4gv-vw3f-29g3", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-01T18:43:36Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7465", "reference_id": "RHSA-2023:7465", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7668", "reference_id": "RHSA-2023:7668", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7668" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0072", "reference_id": "RHSA-2024:0072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0397", "reference_id": "RHSA-2024:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0771", "reference_id": "RHSA-2024:0771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0772", "reference_id": "RHSA-2024:0772", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0773", "reference_id": "RHSA-2024:0773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1153", "reference_id": "RHSA-2024:1153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14414", "reference_id": "RHSA-2025:14414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14414" }, { "reference_url": "https://github.com/squid-cache/squid/releases/tag/SQUID_6_4", "reference_id": "SQUID_6_4", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-01T18:43:36Z/" } ], "url": "https://github.com/squid-cache/squid/releases/tag/SQUID_6_4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129635?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129649?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129633?format=api", "purl": "pkg:deb/debian/squid@6.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54574" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4wm-kgwv-nkhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101352?format=api", "vulnerability_id": "VCID-b4y7-qehh-m3bh", "summary": "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0096.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0096.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0096", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02283", "scoring_system": "epss", "scoring_elements": "0.84989", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02283", "scoring_system": "epss", "scoring_elements": "0.85012", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0096" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0096", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0096" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617457", "reference_id": "1617457", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617457" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:060", "reference_id": "RHSA-2005:060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:061", "reference_id": "RHSA-2005:061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:061" }, { "reference_url": "https://usn.ubuntu.com/67-1/", "reference_id": "USN-67-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/67-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129569?format=api", "purl": "pkg:deb/debian/squid@2.5.7-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.7-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0096" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4y7-qehh-m3bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101339?format=api", "vulnerability_id": "VCID-bxjr-uwbe-3udc", "summary": "Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02682", "scoring_system": "epss", "scoring_elements": "0.86124", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02682", "scoring_system": "epss", "scoring_elements": "0.86145", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129561?format=api", "purl": "pkg:deb/debian/squid@2.4.7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.4.7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2002-0916" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bxjr-uwbe-3udc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101413?format=api", "vulnerability_id": "VCID-c1s2-z4na-afbf", "summary": "client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4553.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4553.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.82841", "scoring_system": "epss", "scoring_elements": "0.99264", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.82841", "scoring_system": "epss", "scoring_elements": "0.99265", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334233", "reference_id": "1334233", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334233" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1139", "reference_id": "RHSA-2016:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1140", "reference_id": "RHSA-2016:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1140" }, { "reference_url": "https://usn.ubuntu.com/2995-1/", "reference_id": "USN-2995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2995-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4553" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1s2-z4na-afbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101426?format=api", "vulnerability_id": "VCID-c442-9agd-kqfb", "summary": "An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12524.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12524.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.6829", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.68331", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827570", "reference_id": "1827570", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827570" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4446-1/", "reference_id": "USN-4446-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4446-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129604?format=api", "purl": "pkg:deb/debian/squid@4.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12524" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c442-9agd-kqfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3979?format=api", "vulnerability_id": "VCID-c9d7-uf1j-nbg5", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11945.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11945.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.28475", "scoring_system": "epss", "scoring_elements": "0.9661", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.28475", "scoring_system": "epss", "scoring_elements": "0.96614", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827563", "reference_id": "1827563", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827563" }, { "reference_url": "https://security.archlinux.org/AVG-1146", "reference_id": "AVG-1146", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1146" }, { "reference_url": "https://security.gentoo.org/glsa/202005-05", "reference_id": "GLSA-202005-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202005-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2038", "reference_id": "RHSA-2020:2038", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2038" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2039", "reference_id": "RHSA-2020:2039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2039" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2040", "reference_id": "RHSA-2020:2040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2041", "reference_id": "RHSA-2020:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2041" }, { "reference_url": "https://usn.ubuntu.com/4356-1/", "reference_id": "USN-4356-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4356-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129603?format=api", "purl": "pkg:deb/debian/squid@4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-11945" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9d7-uf1j-nbg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91851?format=api", "vulnerability_id": "VCID-c9g5-6pp6-gkcy", "summary": "squid: Incorrect Check of Function Return Value In Helper Process management", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49286.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49286.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01726", "scoring_system": "epss", "scoring_elements": "0.82801", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252923", "reference_id": "2252923", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252923" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0046", "reference_id": "RHSA-2024:0046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0071", "reference_id": "RHSA-2024:0071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0072", "reference_id": "RHSA-2024:0072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0397", "reference_id": "RHSA-2024:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0771", "reference_id": "RHSA-2024:0771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0772", "reference_id": "RHSA-2024:0772", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0773", "reference_id": "RHSA-2024:0773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1153", "reference_id": "RHSA-2024:1153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1787", "reference_id": "RHSA-2024:1787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1787" }, { "reference_url": "https://usn.ubuntu.com/6594-1/", "reference_id": "USN-6594-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6594-1/" }, { "reference_url": "https://usn.ubuntu.com/6857-1/", "reference_id": "USN-6857-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6857-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129632?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129633?format=api", "purl": "pkg:deb/debian/squid@6.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-49286" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9g5-6pp6-gkcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91739?format=api", "vulnerability_id": "VCID-crr1-gdmq-bua6", "summary": "squid: denial of service in HTTP request parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50269.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50269.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50269", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01147", "scoring_system": "epss", "scoring_elements": "0.78831", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058721", "reference_id": "1058721", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058721" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254663", "reference_id": "2254663", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254663" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", "reference_id": "A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T14:21:27Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3", "reference_id": "GHSA-wgq4-4cfg-c4x3", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T14:21:27Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", "reference_id": "MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T14:21:27Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", "reference_id": "msg00003.html", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T14:21:27Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240119-0005/", "reference_id": "ntap-20240119-0005", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T14:21:27Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240119-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0397", "reference_id": "RHSA-2024:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0771", "reference_id": "RHSA-2024:0771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0772", "reference_id": "RHSA-2024:0772", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0773", "reference_id": "RHSA-2024:0773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1085", "reference_id": "RHSA-2024:1085", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1085" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1153", "reference_id": "RHSA-2024:1153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1375", "reference_id": "RHSA-2024:1375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1376", "reference_id": "RHSA-2024:1376", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1376" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1787", "reference_id": "RHSA-2024:1787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1787" }, { "reference_url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch", "reference_id": "SQUID-2023_10.patch", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T14:21:27Z/" } ], "url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch" }, { "reference_url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch", "reference_id": "SQUID-2023_10.patch", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T14:21:27Z/" } ], "url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch" }, { "reference_url": "https://usn.ubuntu.com/6594-1/", "reference_id": "USN-6594-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6594-1/" }, { "reference_url": "https://usn.ubuntu.com/6857-1/", "reference_id": "USN-6857-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6857-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129632?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129646?format=api", "purl": "pkg:deb/debian/squid@6.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-50269" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-crr1-gdmq-bua6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101432?format=api", "vulnerability_id": "VCID-db6w-h95e-9bhf", "summary": "Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12854.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12854.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38048", "scoring_system": "epss", "scoring_elements": "0.97301", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.38048", "scoring_system": "epss", "scoring_elements": "0.97305", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12525", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12525" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730523", "reference_id": "1730523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4213-1/", "reference_id": "USN-4213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4213-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129604?format=api", "purl": "pkg:deb/debian/squid@4.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12854" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db6w-h95e-9bhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101379?format=api", "vulnerability_id": "VCID-ddm4-j52m-efcy", "summary": "Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0801.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0801.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10926", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11013", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488502", "reference_id": "488502", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488502" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521053", "reference_id": "521053", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521053" }, { "reference_url": "https://security.gentoo.org/glsa/201309-22", "reference_id": "GLSA-201309-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-0801" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ddm4-j52m-efcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101429?format=api", "vulnerability_id": "VCID-dydn-mqw1-g7at", "summary": "An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12528.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23648", "scoring_system": "epss", "scoring_elements": "0.9609", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.23648", "scoring_system": "epss", "scoring_elements": "0.96095", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798534", "reference_id": "1798534", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798534" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950925", "reference_id": "950925", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950925" }, { "reference_url": "https://security.gentoo.org/glsa/202003-34", "reference_id": "GLSA-202003-34", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4082", "reference_id": "RHSA-2020:4082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4289-1/", "reference_id": "USN-4289-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4289-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129609?format=api", "purl": "pkg:deb/debian/squid@4.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12528" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dydn-mqw1-g7at" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92082?format=api", "vulnerability_id": "VCID-e7d7-jejy-ukct", "summary": "squid: Denial of Service in SSL Certificate validation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46724.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46724.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.639", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055252", "reference_id": "1055252", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055252" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247567", "reference_id": "2247567", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247567" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", "reference_id": "A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:13:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/" }, { "reference_url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810", "reference_id": "b70f864940225dfe69f9f653f948e787f99c3810", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:13:11Z/" } ], "url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3", "reference_id": "GHSA-73m6-jm96-c6r3", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:13:11Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", "reference_id": "MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:13:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231208-0001/", "reference_id": "ntap-20231208-0001", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:13:11Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231208-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0046", "reference_id": "RHSA-2024:0046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0071", "reference_id": "RHSA-2024:0071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0072", "reference_id": "RHSA-2024:0072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0397", "reference_id": "RHSA-2024:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0771", "reference_id": "RHSA-2024:0771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0772", "reference_id": "RHSA-2024:0772", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0773", "reference_id": "RHSA-2024:0773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1153", "reference_id": "RHSA-2024:1153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1787", "reference_id": "RHSA-2024:1787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1787" }, { "reference_url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch", "reference_id": "SQUID-2023_4.patch", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:13:11Z/" } ], "url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch" }, { "reference_url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch", "reference_id": "SQUID-2023_4.patch", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:13:11Z/" } ], "url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch" }, { "reference_url": "https://usn.ubuntu.com/6500-1/", "reference_id": "USN-6500-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6500-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129632?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129633?format=api", "purl": "pkg:deb/debian/squid@6.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-46724" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e7d7-jejy-ukct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101351?format=api", "vulnerability_id": "VCID-efj8-p65n-bffs", "summary": "The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0095.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0095.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0095", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75842", "scoring_system": "epss", "scoring_elements": "0.98928", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.75842", "scoring_system": "epss", "scoring_elements": "0.98929", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0095" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617456", "reference_id": "1617456", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:060", "reference_id": "RHSA-2005:060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:061", "reference_id": "RHSA-2005:061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:061" }, { "reference_url": "https://usn.ubuntu.com/67-1/", "reference_id": "USN-67-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/67-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129569?format=api", "purl": "pkg:deb/debian/squid@2.5.7-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.7-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0095" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-efj8-p65n-bffs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101332?format=api", "vulnerability_id": "VCID-fh8e-t1f8-73b2", "summary": "The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-1999-0710.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-1999-0710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-1999-0710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12632", "scoring_system": "epss", "scoring_elements": "0.94098", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12632", "scoring_system": "epss", "scoring_elements": "0.94106", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-1999-0710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616452", "reference_id": "1616452", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616452" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/remote/20465.sh", "reference_id": "CVE-1999-0710;OSVDB-28", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/remote/20465.sh" }, { "reference_url": "https://www.securityfocus.com/bid/2059/info", "reference_id": "CVE-1999-0710;OSVDB-28", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/2059/info" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:415", "reference_id": "RHSA-2005:415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:489", "reference_id": "RHSA-2005:489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129553?format=api", "purl": "pkg:deb/debian/squid@2.5.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-1999-0710" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fh8e-t1f8-73b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3980?format=api", "vulnerability_id": "VCID-fz4s-d6vu-5ydx", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12521.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12521.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68805", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68844", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827562", "reference_id": "1827562", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827562" }, { "reference_url": "https://security.archlinux.org/AVG-1146", "reference_id": "AVG-1146", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1146" }, { "reference_url": "https://security.gentoo.org/glsa/202005-05", "reference_id": "GLSA-202005-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202005-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4356-1/", "reference_id": "USN-4356-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4356-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129603?format=api", "purl": "pkg:deb/debian/squid@4.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12521" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fz4s-d6vu-5ydx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101396?format=api", "vulnerability_id": "VCID-g4mn-8ehd-6udp", "summary": "Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka \"Nonce replay vulnerability.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9749.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9749.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01938", "scoring_system": "epss", "scoring_elements": "0.83743", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01938", "scoring_system": "epss", "scoring_elements": "0.83766", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9749" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186768", "reference_id": "1186768", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186768" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9749" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4mn-8ehd-6udp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101423?format=api", "vulnerability_id": "VCID-gr7g-hj5f-aufc", "summary": "An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12520.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12520.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06184", "scoring_system": "epss", "scoring_elements": "0.91004", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06184", "scoring_system": "epss", "scoring_elements": "0.91018", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827558", "reference_id": "1827558", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827558" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4446-1/", "reference_id": "USN-4446-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4446-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129604?format=api", "purl": "pkg:deb/debian/squid@4.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12520" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gr7g-hj5f-aufc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101445?format=api", "vulnerability_id": "VCID-gytn-z913-ubht", "summary": "An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8449.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8449.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03964", "scoring_system": "epss", "scoring_elements": "0.88578", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03964", "scoring_system": "epss", "scoring_elements": "0.88596", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798540", "reference_id": "1798540", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798540" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950802", "reference_id": "950802", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950802" }, { "reference_url": "https://security.gentoo.org/glsa/202003-34", "reference_id": "GLSA-202003-34", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4082", "reference_id": "RHSA-2020:4082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4289-1/", "reference_id": "USN-4289-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4289-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129609?format=api", "purl": "pkg:deb/debian/squid@4.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8449" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gytn-z913-ubht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92198?format=api", "vulnerability_id": "VCID-h4af-cyxg-juf8", "summary": "squid: DoS against HTTP and HTTPS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5824.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5824.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01879", "scoring_system": "epss", "scoring_elements": "0.8351", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055249", "reference_id": "1055249", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055249" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914", "reference_id": "2245914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7465", "reference_id": "RHSA-2023:7465", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7668", "reference_id": "RHSA-2023:7668", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7668" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0072", "reference_id": "RHSA-2024:0072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0397", "reference_id": "RHSA-2024:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0771", "reference_id": "RHSA-2024:0771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0772", "reference_id": "RHSA-2024:0772", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0773", "reference_id": "RHSA-2024:0773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1153", "reference_id": "RHSA-2024:1153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1153" }, { "reference_url": "https://usn.ubuntu.com/6728-1/", "reference_id": "USN-6728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6728-1/" }, { "reference_url": "https://usn.ubuntu.com/6728-3/", "reference_id": "USN-6728-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6728-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129635?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129649?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129633?format=api", "purl": "pkg:deb/debian/squid@6.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-5824" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4af-cyxg-juf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91852?format=api", "vulnerability_id": "VCID-h8gc-xzsu-xkef", "summary": "squid: Buffer over-read in the HTTP Message processing feature", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49285.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49285.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09621", "scoring_system": "epss", "scoring_elements": "0.93044", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252926", "reference_id": "2252926", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0046", "reference_id": "RHSA-2024:0046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0071", "reference_id": "RHSA-2024:0071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0072", "reference_id": "RHSA-2024:0072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0397", "reference_id": "RHSA-2024:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0771", "reference_id": "RHSA-2024:0771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0772", "reference_id": "RHSA-2024:0772", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0773", "reference_id": "RHSA-2024:0773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1153", "reference_id": "RHSA-2024:1153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1787", "reference_id": "RHSA-2024:1787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1787" }, { "reference_url": "https://usn.ubuntu.com/6594-1/", "reference_id": "USN-6594-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6594-1/" }, { "reference_url": "https://usn.ubuntu.com/6857-1/", "reference_id": "USN-6857-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6857-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129632?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129633?format=api", "purl": "pkg:deb/debian/squid@6.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-49285" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8gc-xzsu-xkef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5503?format=api", "vulnerability_id": "VCID-j2q4-n7rm-7bfp", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28662.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28662.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1363", "scoring_system": "epss", "scoring_elements": "0.94379", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.1363", "scoring_system": "epss", "scoring_elements": "0.94387", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962254", "reference_id": "1962254", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962254" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988891", "reference_id": "988891", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988891" }, { "reference_url": "https://security.archlinux.org/ASA-202105-10", "reference_id": "ASA-202105-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-10" }, { "reference_url": "https://security.archlinux.org/AVG-1949", "reference_id": "AVG-1949", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1949" }, { "reference_url": "https://security.gentoo.org/glsa/202105-14", "reference_id": "GLSA-202105-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4292", "reference_id": "RHSA-2021:4292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4292" }, { "reference_url": "https://usn.ubuntu.com/4981-1/", "reference_id": "USN-4981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4981-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129623?format=api", "purl": "pkg:deb/debian/squid@4.13-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28662" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2q4-n7rm-7bfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101435?format=api", "vulnerability_id": "VCID-j4rt-cxwg-rugw", "summary": "An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18677.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18677.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04214", "scoring_system": "epss", "scoring_elements": "0.88941", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04214", "scoring_system": "epss", "scoring_elements": "0.88958", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770365", "reference_id": "1770365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770365" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4213-1/", "reference_id": "USN-4213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4213-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129606?format=api", "purl": "pkg:deb/debian/squid@4.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-18677" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j4rt-cxwg-rugw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74526?format=api", "vulnerability_id": "VCID-j8vv-ysfd-a7c6", "summary": "squid-cache: Squid cache buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59362.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38797", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59362" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117048", "reference_id": "1117048", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117048" }, { "reference_url": "https://github.com/squid-cache/squid/pull/2149", "reference_id": "2149", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T20:30:59Z/" } ], "url": "https://github.com/squid-cache/squid/pull/2149" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2399758", "reference_id": "2399758", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2399758" }, { "reference_url": "https://github.com/Microsvuln/advisories/blob/main/CVE-2025-59362/CVE-2025-59362.md", "reference_id": "CVE-2025-59362.md", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T20:30:59Z/" } ], "url": "https://github.com/Microsvuln/advisories/blob/main/CVE-2025-59362/CVE-2025-59362.md" }, { "reference_url": "https://usn.ubuntu.com/7804-1/", "reference_id": "USN-7804-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7804-1/" }, { "reference_url": "https://usn.ubuntu.com/7804-2/", "reference_id": "USN-7804-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7804-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129658?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129659?format=api", "purl": "pkg:deb/debian/squid@7.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-59362" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8vv-ysfd-a7c6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101406?format=api", "vulnerability_id": "VCID-jaew-wj9q-17fk", "summary": "Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3947.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3947.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75366", "scoring_system": "epss", "scoring_elements": "0.98906", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.75366", "scoring_system": "epss", "scoring_elements": "0.98907", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3947" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3947", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3947" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1323590", "reference_id": "1323590", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1323590" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://usn.ubuntu.com/2995-1/", "reference_id": "USN-2995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2995-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-3947" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jaew-wj9q-17fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101350?format=api", "vulnerability_id": "VCID-jn1n-gp5t-c7ft", "summary": "Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0094.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0094.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.51138", "scoring_system": "epss", "scoring_elements": "0.97926", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.51138", "scoring_system": "epss", "scoring_elements": "0.97929", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0094" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0094" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617455", "reference_id": "1617455", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:060", "reference_id": "RHSA-2005:060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:061", "reference_id": "RHSA-2005:061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:061" }, { "reference_url": "https://usn.ubuntu.com/67-1/", "reference_id": "USN-67-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/67-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129569?format=api", "purl": "pkg:deb/debian/squid@2.5.7-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.7-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0094" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jn1n-gp5t-c7ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101395?format=api", "vulnerability_id": "VCID-k1v3-u3r5-dygy", "summary": "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7142.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.64227", "scoring_system": "epss", "scoring_elements": "0.98458", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.64227", "scoring_system": "epss", "scoring_elements": "0.98461", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7142" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148832", "reference_id": "1148832", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148832" }, { "reference_url": "https://security.gentoo.org/glsa/201411-11", "reference_id": "GLSA-201411-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201411-11" }, { "reference_url": "https://usn.ubuntu.com/2422-1/", "reference_id": "USN-2422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-7142" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1v3-u3r5-dygy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101451?format=api", "vulnerability_id": "VCID-k1yk-e4zn-h3c2", "summary": "Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33620.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33620.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09639", "scoring_system": "epss", "scoring_elements": "0.93041", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09639", "scoring_system": "epss", "scoring_elements": "0.93051", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33620" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959537", "reference_id": "1959537", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4292", "reference_id": "RHSA-2021:4292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4292" }, { "reference_url": "https://usn.ubuntu.com/4981-1/", "reference_id": "USN-4981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4981-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129623?format=api", "purl": "pkg:deb/debian/squid@4.13-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-33620" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1yk-e4zn-h3c2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101420?format=api", "vulnerability_id": "VCID-kdrt-mthb-y7du", "summary": "Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19131.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10782", "scoring_system": "epss", "scoring_elements": "0.93483", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10782", "scoring_system": "epss", "scoring_elements": "0.93493", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19131" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645146", "reference_id": "1645146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645146" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912293", "reference_id": "912293", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912293" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129602?format=api", "purl": "pkg:deb/debian/squid@4.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-19131" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kdrt-mthb-y7du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101348?format=api", "vulnerability_id": "VCID-kkry-29uk-jkfh", "summary": "Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via \"@@\" sequences in a URL within Internet Explorer.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-2480", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01999", "scoring_system": "epss", "scoring_elements": "0.83975", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01999", "scoring_system": "epss", "scoring_elements": "0.83997", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-2480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2480" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/24105.txt", "reference_id": "CVE-2004-2480;OSVDB-19173", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/24105.txt" }, { "reference_url": "https://www.securityfocus.com/bid/10315/info", "reference_id": "CVE-2004-2480;OSVDB-19173", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/10315/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129567?format=api", "purl": "pkg:deb/debian/squid@2.5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-2480" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkry-29uk-jkfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101417?format=api", "vulnerability_id": "VCID-kks8-56y6-6kew", "summary": "The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000024.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000024.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09177", "scoring_system": "epss", "scoring_elements": "0.92842", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09177", "scoring_system": "epss", "scoring_elements": "0.92854", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000027", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000027" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536939", "reference_id": "1536939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1068", "reference_id": "RHSA-2020:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1068" }, { "reference_url": "https://usn.ubuntu.com/3557-1/", "reference_id": "USN-3557-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3557-1/" }, { "reference_url": "https://usn.ubuntu.com/4059-2/", "reference_id": "USN-4059-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4059-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1000024" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kks8-56y6-6kew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101414?format=api", "vulnerability_id": "VCID-kqba-yqhn-hbav", "summary": "mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4554.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4554.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4554", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.6886", "scoring_system": "epss", "scoring_elements": "0.98645", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.6886", "scoring_system": "epss", "scoring_elements": "0.98646", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334241", "reference_id": "1334241", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334241" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1138", "reference_id": "RHSA-2016:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1139", "reference_id": "RHSA-2016:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1140", "reference_id": "RHSA-2016:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1140" }, { "reference_url": "https://usn.ubuntu.com/2995-1/", "reference_id": "USN-2995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2995-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4554" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kqba-yqhn-hbav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101440?format=api", "vulnerability_id": "VCID-krap-1qmx-t7ap", "summary": "An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing \"+\\ \"-\" or an uncommon shell whitespace character prefix to the length field-value.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15049.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15049.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15653", "scoring_system": "epss", "scoring_elements": "0.94826", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15653", "scoring_system": "epss", "scoring_elements": "0.94835", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18860", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18860" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15049", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15049" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852550", "reference_id": "1852550", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4082", "reference_id": "RHSA-2020:4082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4551-1/", "reference_id": "USN-4551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4551-1/" }, { "reference_url": "https://usn.ubuntu.com/4895-1/", "reference_id": "USN-4895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4895-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129615?format=api", "purl": "pkg:deb/debian/squid@4.12-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.12-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15049" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krap-1qmx-t7ap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4089?format=api", "vulnerability_id": "VCID-mfk5-y8xe-hqdr", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18679.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18679.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.44133", "scoring_system": "epss", "scoring_elements": "0.97613", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.44133", "scoring_system": "epss", "scoring_elements": "0.97616", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770360", "reference_id": "1770360", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770360" }, { "reference_url": "https://security.archlinux.org/ASA-201911-8", "reference_id": "ASA-201911-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201911-8" }, { "reference_url": "https://security.archlinux.org/AVG-1062", "reference_id": "AVG-1062", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1062" }, { "reference_url": "https://security.gentoo.org/glsa/202003-34", "reference_id": "GLSA-202003-34", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4213-1/", "reference_id": "USN-4213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4213-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129606?format=api", "purl": "pkg:deb/debian/squid@4.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-18679" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfk5-y8xe-hqdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101368?format=api", "vulnerability_id": "VCID-mpfx-6sfu-43gz", "summary": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2917.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2917.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.51918", "scoring_system": "epss", "scoring_elements": "0.97961", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.51918", "scoring_system": "epss", "scoring_elements": "0.97964", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617765", "reference_id": "1617765", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0045", "reference_id": "RHSA-2006:0045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0052", "reference_id": "RHSA-2006:0052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0052" }, { "reference_url": "https://usn.ubuntu.com/192-1/", "reference_id": "USN-192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129581?format=api", "purl": "pkg:deb/debian/squid@2.5.10-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.10-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-2917" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mpfx-6sfu-43gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101408?format=api", "vulnerability_id": "VCID-n33d-b5uw-1yf2", "summary": "Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4051.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4051.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05912", "scoring_system": "epss", "scoring_elements": "0.90775", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05912", "scoring_system": "epss", "scoring_elements": "0.90788", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329126", "reference_id": "1329126", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329126" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1138", "reference_id": "RHSA-2016:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1139", "reference_id": "RHSA-2016:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1140", "reference_id": "RHSA-2016:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1140" }, { "reference_url": "https://usn.ubuntu.com/2995-1/", "reference_id": "USN-2995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2995-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4051" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n33d-b5uw-1yf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101391?format=api", "vulnerability_id": "VCID-nxn5-5c27-tkcr", "summary": "Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0128.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0128.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.54968", "scoring_system": "epss", "scoring_elements": "0.98092", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.54968", "scoring_system": "epss", "scoring_elements": "0.98093", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0128" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074870", "reference_id": "1074870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074870" }, { "reference_url": "https://security.gentoo.org/glsa/201411-11", "reference_id": "GLSA-201411-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201411-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0597", "reference_id": "RHSA-2014:0597", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0597" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0128" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxn5-5c27-tkcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101390?format=api", "vulnerability_id": "VCID-phqh-ares-pqf8", "summary": "client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4123.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4123.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.68916", "scoring_system": "epss", "scoring_elements": "0.98647", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.68916", "scoring_system": "epss", "scoring_elements": "0.98648", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4123" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=984632", "reference_id": "984632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=984632" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/26886.pl", "reference_id": "CVE-2013-4123", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/26886.pl" }, { "reference_url": "https://security.gentoo.org/glsa/201309-22", "reference_id": "GLSA-201309-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4123" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-phqh-ares-pqf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101387?format=api", "vulnerability_id": "VCID-pq9r-bdfx-vqb8", "summary": "Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5643.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5643.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5643", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33163", "scoring_system": "epss", "scoring_elements": "0.96996", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.33163", "scoring_system": "epss", "scoring_elements": "0.97", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5643" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=887962", "reference_id": "887962", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=887962" }, { "reference_url": "https://security.gentoo.org/glsa/201309-22", "reference_id": "GLSA-201309-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0505", "reference_id": "RHSA-2013:0505", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0505" }, { "reference_url": "https://usn.ubuntu.com/1713-1/", "reference_id": "USN-1713-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1713-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129592?format=api", "purl": "pkg:deb/debian/squid@2.7.STABLE9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.7.STABLE9-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-5643" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pq9r-bdfx-vqb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101404?format=api", "vulnerability_id": "VCID-pswa-8aa8-ukhw", "summary": "http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2571.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2571.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14329", "scoring_system": "epss", "scoring_elements": "0.94533", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14329", "scoring_system": "epss", "scoring_elements": "0.94542", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2571" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312262", "reference_id": "1312262", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312262" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2600", "reference_id": "RHSA-2016:2600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2600" }, { "reference_url": "https://usn.ubuntu.com/2921-1/", "reference_id": "USN-2921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2921-1/" }, { "reference_url": "https://usn.ubuntu.com/3557-1/", "reference_id": "USN-3557-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3557-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2571" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pswa-8aa8-ukhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101403?format=api", "vulnerability_id": "VCID-ptb8-53q8-gfad", "summary": "The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2570.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2570.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2570", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05488", "scoring_system": "epss", "scoring_elements": "0.90378", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05488", "scoring_system": "epss", "scoring_elements": "0.90393", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2570" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312257", "reference_id": "1312257", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312257" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2600", "reference_id": "RHSA-2016:2600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2600" }, { "reference_url": "https://usn.ubuntu.com/3557-1/", "reference_id": "USN-3557-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3557-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2570" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ptb8-53q8-gfad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4091?format=api", "vulnerability_id": "VCID-ptdh-k28q-q3at", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12526.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12526.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39194", "scoring_system": "epss", "scoring_elements": "0.97363", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.39194", "scoring_system": "epss", "scoring_elements": "0.97367", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770356", "reference_id": "1770356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770356" }, { "reference_url": "https://security.archlinux.org/ASA-201911-8", "reference_id": "ASA-201911-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201911-8" }, { "reference_url": "https://security.archlinux.org/AVG-1062", "reference_id": "AVG-1062", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1062" }, { "reference_url": "https://security.gentoo.org/glsa/202003-34", "reference_id": "GLSA-202003-34", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4213-1/", "reference_id": "USN-4213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4213-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129606?format=api", "purl": "pkg:deb/debian/squid@4.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12526" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ptdh-k28q-q3at" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5191?format=api", "vulnerability_id": "VCID-ptu8-w3ps-gfbz", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28116.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28116.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10515", "scoring_system": "epss", "scoring_elements": "0.93392", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10515", "scoring_system": "epss", "scoring_elements": "0.93403", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46784" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939939", "reference_id": "1939939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939939" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986804", "reference_id": "986804", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986804" }, { "reference_url": "https://security.archlinux.org/AVG-1667", "reference_id": "AVG-1667", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1667" }, { "reference_url": "https://security.gentoo.org/glsa/202105-14", "reference_id": "GLSA-202105-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1939", "reference_id": "RHSA-2022:1939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1939" }, { "reference_url": "https://usn.ubuntu.com/5104-1/", "reference_id": "USN-5104-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5104-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129620?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129618?format=api", "purl": "pkg:deb/debian/squid@5.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28116" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ptu8-w3ps-gfbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5504?format=api", "vulnerability_id": "VCID-q39b-rxx4-uffu", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28652.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28652.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70996", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.71038", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962246", "reference_id": "1962246", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962246" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988892", "reference_id": "988892", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988892" }, { "reference_url": "https://security.archlinux.org/ASA-202105-10", "reference_id": "ASA-202105-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-10" }, { "reference_url": "https://security.archlinux.org/AVG-1949", "reference_id": "AVG-1949", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1949" }, { "reference_url": "https://security.gentoo.org/glsa/202105-14", "reference_id": "GLSA-202105-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4292", "reference_id": "RHSA-2021:4292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4292" }, { "reference_url": "https://usn.ubuntu.com/4981-1/", "reference_id": "USN-4981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4981-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129623?format=api", "purl": "pkg:deb/debian/squid@4.13-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28652" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q39b-rxx4-uffu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101363?format=api", "vulnerability_id": "VCID-q6dn-87uh-sffd", "summary": "Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0718.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0718.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12597", "scoring_system": "epss", "scoring_elements": "0.94084", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12597", "scoring_system": "epss", "scoring_elements": "0.94092", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0718" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0718", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0718" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617563", "reference_id": "1617563", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617563" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305605", "reference_id": "305605", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305605" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:415", "reference_id": "RHSA-2005:415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:489", "reference_id": "RHSA-2005:489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:489" }, { "reference_url": "https://usn.ubuntu.com/111-1/", "reference_id": "USN-111-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/111-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129566?format=api", "purl": "pkg:deb/debian/squid@2.5.8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0718" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6dn-87uh-sffd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101416?format=api", "vulnerability_id": "VCID-qajc-u4gq-vfbf", "summary": "Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4556.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4556.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.56857", "scoring_system": "epss", "scoring_elements": "0.98172", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.56857", "scoring_system": "epss", "scoring_elements": "0.98174", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4556" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334786", "reference_id": "1334786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334786" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1138", "reference_id": "RHSA-2016:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1139", "reference_id": "RHSA-2016:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1140", "reference_id": "RHSA-2016:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1140" }, { "reference_url": "https://usn.ubuntu.com/2995-1/", "reference_id": "USN-2995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2995-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4556" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qajc-u4gq-vfbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101334?format=api", "vulnerability_id": "VCID-qds8-ta3k-zydv", "summary": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-0714.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-0714.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38182", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38271", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-0714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0714" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616801", "reference_id": "1616801", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:051", "reference_id": "RHSA-2002:051", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:130", "reference_id": "RHSA-2002:130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:130" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129558?format=api", "purl": "pkg:deb/debian/squid@2.4.6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.4.6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2002-0714" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qds8-ta3k-zydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101383?format=api", "vulnerability_id": "VCID-qg6z-kgdf-a7et", "summary": "lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0308.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0308.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11036", "scoring_system": "epss", "scoring_elements": "0.93576", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11036", "scoring_system": "epss", "scoring_elements": "0.93587", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0308" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=556389", "reference_id": "556389", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=556389" }, { "reference_url": "https://security.gentoo.org/glsa/201110-24", "reference_id": "GLSA-201110-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201110-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0221", "reference_id": "RHSA-2010:0221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0221" }, { "reference_url": "https://usn.ubuntu.com/901-1/", "reference_id": "USN-901-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/901-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129591?format=api", "purl": "pkg:deb/debian/squid@2.7.STABLE8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.7.STABLE8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-0308" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qg6z-kgdf-a7et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101365?format=api", "vulnerability_id": "VCID-qg7m-8cuw-h7fx", "summary": "Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1519.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1519.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-1519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24581", "scoring_system": "epss", "scoring_elements": "0.96227", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.24581", "scoring_system": "epss", "scoring_elements": "0.96232", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-1519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1519" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617653", "reference_id": "1617653", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617653" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309504", "reference_id": "309504", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309504" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:415", "reference_id": "RHSA-2005:415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:489", "reference_id": "RHSA-2005:489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:489" }, { "reference_url": "https://usn.ubuntu.com/129-1/", "reference_id": "USN-129-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/129-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129577?format=api", "purl": "pkg:deb/debian/squid@2.5.9-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.9-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-1519" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qg7m-8cuw-h7fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101366?format=api", "vulnerability_id": "VCID-qnfb-nqyv-17ar", "summary": "store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2794.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2794.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12518", "scoring_system": "epss", "scoring_elements": "0.94063", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12518", "scoring_system": "epss", "scoring_elements": "0.94071", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2794" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617754", "reference_id": "1617754", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617754" }, { "reference_url": "https://security.gentoo.org/glsa/200509-06", "reference_id": "GLSA-200509-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200509-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:766", "reference_id": "RHSA-2005:766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:766" }, { "reference_url": "https://usn.ubuntu.com/183-1/", "reference_id": "USN-183-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/183-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129579?format=api", "purl": "pkg:deb/debian/squid@2.5.10-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.10-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-2794" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qnfb-nqyv-17ar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101436?format=api", "vulnerability_id": "VCID-r4db-5e11-23ce", "summary": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18860.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18860.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18860", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04339", "scoring_system": "epss", "scoring_elements": "0.89109", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04339", "scoring_system": "epss", "scoring_elements": "0.89126", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18860" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18860", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18860" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15049", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15049" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817121", "reference_id": "1817121", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4356-1/", "reference_id": "USN-4356-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4356-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129606?format=api", "purl": "pkg:deb/debian/squid@4.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-18860" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4db-5e11-23ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101434?format=api", "vulnerability_id": "VCID-r69g-yc8t-zua3", "summary": "An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18676.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18676.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01373", "scoring_system": "epss", "scoring_elements": "0.80569", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01373", "scoring_system": "epss", "scoring_elements": "0.80595", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770375", "reference_id": "1770375", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4213-1/", "reference_id": "USN-4213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4213-1/" }, { "reference_url": "https://usn.ubuntu.com/4446-1/", "reference_id": "USN-4446-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4446-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129606?format=api", "purl": "pkg:deb/debian/squid@4.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-18676" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r69g-yc8t-zua3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5505?format=api", "vulnerability_id": "VCID-rkq7-bnee-ekgr", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28651.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28651.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06133", "scoring_system": "epss", "scoring_elements": "0.90957", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06133", "scoring_system": "epss", "scoring_elements": "0.90971", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962243", "reference_id": "1962243", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962243" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988893", "reference_id": "988893", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988893" }, { "reference_url": "https://security.archlinux.org/ASA-202105-10", "reference_id": "ASA-202105-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-10" }, { "reference_url": "https://security.archlinux.org/AVG-1949", "reference_id": "AVG-1949", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1949" }, { "reference_url": "https://security.gentoo.org/glsa/202105-14", "reference_id": "GLSA-202105-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4292", "reference_id": "RHSA-2021:4292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14414", "reference_id": "RHSA-2025:14414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14414" }, { "reference_url": "https://usn.ubuntu.com/4981-1/", "reference_id": "USN-4981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4981-1/" }, { "reference_url": "https://usn.ubuntu.com/6857-1/", "reference_id": "USN-6857-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6857-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129623?format=api", "purl": "pkg:deb/debian/squid@4.13-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28651" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rkq7-bnee-ekgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101394?format=api", "vulnerability_id": "VCID-rnx4-ypsm-5fbq", "summary": "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7141.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.77333", "scoring_system": "epss", "scoring_elements": "0.98997", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.77333", "scoring_system": "epss", "scoring_elements": "0.98999", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7141" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139715", "reference_id": "1139715", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139715" }, { "reference_url": "https://security.gentoo.org/glsa/201411-11", "reference_id": "GLSA-201411-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201411-11" }, { "reference_url": "https://usn.ubuntu.com/2422-1/", "reference_id": "USN-2422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-7141" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rnx4-ypsm-5fbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101346?format=api", "vulnerability_id": "VCID-ru9c-dnst-afck", "summary": "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0918.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0918.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0918", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.68742", "scoring_system": "epss", "scoring_elements": "0.9864", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0918" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=453211", "reference_id": "453211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=453211" }, { "reference_url": "https://security.gentoo.org/glsa/200410-15", "reference_id": "GLSA-200410-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200410-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2004:591", "reference_id": "RHSA-2004:591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2004:591" }, { "reference_url": "https://usn.ubuntu.com/19-1/", "reference_id": "USN-19-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/19-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129565?format=api", "purl": "pkg:deb/debian/squid@2.5.7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-0918" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ru9c-dnst-afck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101425?format=api", "vulnerability_id": "VCID-s2yj-54je-z3a6", "summary": "An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12523.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12523.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68551", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68592", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770371", "reference_id": "1770371", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4213-1/", "reference_id": "USN-4213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4213-1/" }, { "reference_url": "https://usn.ubuntu.com/4446-1/", "reference_id": "USN-4446-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4446-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129606?format=api", "purl": "pkg:deb/debian/squid@4.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12523" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s2yj-54je-z3a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89976?format=api", "vulnerability_id": "VCID-ssxr-73gq-kbaf", "summary": "squid: Out-of-bounds write error may lead to Denial of Service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37894.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37894.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.80103", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37894" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37894", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37894" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074284", "reference_id": "1074284", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074284" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294353", "reference_id": "2294353", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294353" }, { "reference_url": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch", "reference_id": "f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T14:07:04Z/" } ], "url": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg", "reference_id": "GHSA-wgvf-q977-9xjg", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T14:07:04Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240719-0001/", "reference_id": "ntap-20240719-0001", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T14:07:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240719-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4861", "reference_id": "RHSA-2024:4861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5906", "reference_id": "RHSA-2024:5906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5906" }, { "reference_url": "https://usn.ubuntu.com/6907-1/", "reference_id": "USN-6907-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6907-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129652?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129654?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129655?format=api", "purl": "pkg:deb/debian/squid@6.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-37894" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssxr-73gq-kbaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73487?format=api", "vulnerability_id": "VCID-t3w4-62ms-9ybz", "summary": "squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62168.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16244", "scoring_system": "epss", "scoring_elements": "0.9495", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62168" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f", "reference_id": "0951a0681011dfca3d78c84fd7f1e19c78a4443f", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-18T03:55:46Z/" } ], "url": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118341", "reference_id": "1118341", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118341" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404736", "reference_id": "2404736", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404736" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr", "reference_id": "GHSA-c8cc-phh7-xmxr", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-18T03:55:46Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19107", "reference_id": "RHSA-2025:19107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19114", "reference_id": "RHSA-2025:19114", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19114" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19115", "reference_id": "RHSA-2025:19115", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19115" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19118", "reference_id": "RHSA-2025:19118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19167", "reference_id": "RHSA-2025:19167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19277", "reference_id": "RHSA-2025:19277", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19277" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19398", "reference_id": "RHSA-2025:19398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19398" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19967", "reference_id": "RHSA-2025:19967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20935", "reference_id": "RHSA-2025:20935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21002", "reference_id": "RHSA-2025:21002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21065", "reference_id": "RHSA-2025:21065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21066", "reference_id": "RHSA-2025:21066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21090", "reference_id": "RHSA-2025:21090", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21090" }, { "reference_url": "https://usn.ubuntu.com/7845-1/", "reference_id": "USN-7845-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7845-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129658?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129660?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129659?format=api", "purl": "pkg:deb/debian/squid@7.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-62168" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t3w4-62ms-9ybz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91233?format=api", "vulnerability_id": "VCID-t6es-ts47-7qfd", "summary": "squid: denial of service in HTTP header parser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25617.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25617.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01301", "scoring_system": "epss", "scoring_elements": "0.801", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264309", "reference_id": "2264309", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264309" }, { "reference_url": "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817", "reference_id": "72a3bbd5e431597c3fdb56d752bc56b010ba3817", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-16T18:04:53Z/" } ], "url": "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr", "reference_id": "GHSA-h5x6-w8mv-xfpr", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-16T18:04:53Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240322-0006/", "reference_id": "ntap-20240322-0006", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-16T18:04:53Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240322-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1062", "reference_id": "RHSA-2024:1062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1066", "reference_id": "RHSA-2024:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1184", "reference_id": "RHSA-2024:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1375", "reference_id": "RHSA-2024:1375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1376", "reference_id": "RHSA-2024:1376", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1376" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1787", "reference_id": "RHSA-2024:1787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1787" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1832", "reference_id": "RHSA-2024:1832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1833", "reference_id": "RHSA-2024:1833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2777", "reference_id": "RHSA-2024:2777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2777" }, { "reference_url": "https://usn.ubuntu.com/6728-1/", "reference_id": "USN-6728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6728-1/" }, { "reference_url": "https://usn.ubuntu.com/6857-1/", "reference_id": "USN-6857-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6857-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129632?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129633?format=api", "purl": "pkg:deb/debian/squid@6.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-25617" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t6es-ts47-7qfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101392?format=api", "vulnerability_id": "VCID-t7px-3uvt-a3hn", "summary": "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3609.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3609.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3609", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8285", "scoring_system": "epss", "scoring_elements": "0.99265", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.8285", "scoring_system": "epss", "scoring_elements": "0.99266", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3609" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3609", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3609" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1134209", "reference_id": "1134209", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1134209" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776194", "reference_id": "776194", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1147", "reference_id": "RHSA-2014:1147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1148", "reference_id": "RHSA-2014:1148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1148" }, { "reference_url": "https://usn.ubuntu.com/2327-1/", "reference_id": "USN-2327-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2327-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129596?format=api", "purl": "pkg:deb/debian/squid@2.7.STABLE9-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.7.STABLE9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3609" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t7px-3uvt-a3hn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101421?format=api", "vulnerability_id": "VCID-tmvv-sp9e-pyc2", "summary": "Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19132.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19132.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11349", "scoring_system": "epss", "scoring_elements": "0.93684", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11349", "scoring_system": "epss", "scoring_elements": "0.93693", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19132" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19132", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19132" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645154", "reference_id": "1645154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645154" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912294", "reference_id": "912294", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912294" }, { "reference_url": "https://usn.ubuntu.com/4059-1/", "reference_id": "USN-4059-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4059-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129602?format=api", "purl": "pkg:deb/debian/squid@4.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-19132" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tmvv-sp9e-pyc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101371?format=api", "vulnerability_id": "VCID-tngg-53p5-n3hc", "summary": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0247.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0247.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-0247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43589", "scoring_system": "epss", "scoring_elements": "0.97585", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.43589", "scoring_system": "epss", "scoring_elements": "0.9759", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-0247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0247" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=222883", "reference_id": "222883", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=222883" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29473.txt", "reference_id": "CVE-2007-0247;OSVDB-39839", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29473.txt" }, { "reference_url": "https://www.securityfocus.com/bid/22079/info", "reference_id": "CVE-2007-0247;OSVDB-39839", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/22079/info" }, { "reference_url": "https://security.gentoo.org/glsa/200701-22", "reference_id": "GLSA-200701-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200701-22" }, { "reference_url": "https://usn.ubuntu.com/414-1/", "reference_id": "USN-414-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/414-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129582?format=api", "purl": "pkg:deb/debian/squid@2.6.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.6.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-0247" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tngg-53p5-n3hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101437?format=api", "vulnerability_id": "VCID-tpkk-2gpk-yqg9", "summary": "The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1803", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3688" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-3688" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tpkk-2gpk-yqg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101384?format=api", "vulnerability_id": "VCID-tqfm-fsxd-4udg", "summary": "The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0639.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0639.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0639", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.49372", "scoring_system": "epss", "scoring_elements": "0.97843", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.49372", "scoring_system": "epss", "scoring_elements": "0.97847", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0639" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0639", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0639" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=565426", "reference_id": "565426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565426" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572553", "reference_id": "572553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572553" }, { "reference_url": "https://security.gentoo.org/glsa/201110-24", "reference_id": "GLSA-201110-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201110-24" }, { "reference_url": "https://usn.ubuntu.com/904-1/", "reference_id": "USN-904-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/904-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129591?format=api", "purl": "pkg:deb/debian/squid@2.7.STABLE8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.7.STABLE8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-0639" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tqfm-fsxd-4udg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101407?format=api", "vulnerability_id": "VCID-tr27-d4mz-yydt", "summary": "Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3948.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3948.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.69622", "scoring_system": "epss", "scoring_elements": "0.98676", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.69622", "scoring_system": "epss", "scoring_elements": "0.98677", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1323594", "reference_id": "1323594", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1323594" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2600", "reference_id": "RHSA-2016:2600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2600" }, { "reference_url": "https://usn.ubuntu.com/3557-1/", "reference_id": "USN-3557-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3557-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-3948" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tr27-d4mz-yydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101374?format=api", "vulnerability_id": "VCID-ts68-9k9c-nbam", "summary": "The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1560.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1560.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1560", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70551", "scoring_system": "epss", "scoring_elements": "0.9871", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.70551", "scoring_system": "epss", "scoring_elements": "0.98711", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1560" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1560", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1560" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618302", "reference_id": "1618302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618302" }, { "reference_url": "https://security.gentoo.org/glsa/200703-27", "reference_id": "GLSA-200703-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200703-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0131", "reference_id": "RHSA-2007:0131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0131" }, { "reference_url": "https://usn.ubuntu.com/441-1/", "reference_id": "USN-441-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/441-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129584?format=api", "purl": "pkg:deb/debian/squid@2.6.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.6.5-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-1560" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ts68-9k9c-nbam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101342?format=api", "vulnerability_id": "VCID-tssg-ugfw-duhk", "summary": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0189.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0189.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02494", "scoring_system": "epss", "scoring_elements": "0.85593", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02494", "scoring_system": "epss", "scoring_elements": "0.85615", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617177", "reference_id": "1617177", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617177" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/23777.txt", "reference_id": "CVE-2004-0189;OSVDB-5916", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/23777.txt" }, { "reference_url": "https://www.securityfocus.com/bid/9778/info", "reference_id": "CVE-2004-0189;OSVDB-5916", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/9778/info" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2004:133", "reference_id": "RHSA-2004:133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2004:133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2004:134", "reference_id": "RHSA-2004:134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2004:134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129562?format=api", "purl": "pkg:deb/debian/squid@2.5.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-0189" ], "risk_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tssg-ugfw-duhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4099?format=api", "vulnerability_id": "VCID-tx95-zybd-kfck", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12527.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12527.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1216", "scoring_system": "epss", "scoring_elements": "0.93954", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.1216", "scoring_system": "epss", "scoring_elements": "0.93963", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12525", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12525" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730533", "reference_id": "1730533", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730533" }, { "reference_url": "https://security.archlinux.org/ASA-201907-5", "reference_id": "ASA-201907-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201907-5" }, { "reference_url": "https://security.archlinux.org/AVG-1004", "reference_id": "AVG-1004", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2593", "reference_id": "RHSA-2019:2593", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2593" }, { "reference_url": "https://usn.ubuntu.com/4065-1/", "reference_id": "USN-4065-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4065-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129604?format=api", "purl": "pkg:deb/debian/squid@4.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12527" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tx95-zybd-kfck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101381?format=api", "vulnerability_id": "VCID-u2fc-fqcr-rfgq", "summary": "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) \"missing or mismatched protocol identifier,\" (2) missing or negative status value,\" (3) \"missing version,\" or (4) \"missing or invalid status number,\" related to (a) HttpMsg.cc and (b) HttpReply.cc.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2622.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2622.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2622", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26189", "scoring_system": "epss", "scoring_elements": "0.96395", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.26189", "scoring_system": "epss", "scoring_elements": "0.964", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2622" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=514013", "reference_id": "514013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514013" }, { "reference_url": "https://security.gentoo.org/glsa/201110-24", "reference_id": "GLSA-201110-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201110-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-2622" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2fc-fqcr-rfgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101370?format=api", "vulnerability_id": "VCID-u8gf-87r9-wfcu", "summary": "Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3322", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72619", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72659", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3322" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-3322" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8gf-87r9-wfcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101430?format=api", "vulnerability_id": "VCID-u9xe-qp75-j3by", "summary": "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12529.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12529.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17466", "scoring_system": "epss", "scoring_elements": "0.95198", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.17466", "scoring_system": "epss", "scoring_elements": "0.95205", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12525", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12525" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730528", "reference_id": "1730528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4065-1/", "reference_id": "USN-4065-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4065-1/" }, { "reference_url": "https://usn.ubuntu.com/4065-2/", "reference_id": "USN-4065-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4065-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129604?format=api", "purl": "pkg:deb/debian/squid@4.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12529" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9xe-qp75-j3by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101362?format=api", "vulnerability_id": "VCID-u9zn-mbvn-wqf6", "summary": "Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0626.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0626.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0626", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25729", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25832", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0626" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617553", "reference_id": "1617553", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:415", "reference_id": "RHSA-2005:415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:415" }, { "reference_url": "https://usn.ubuntu.com/93-1/", "reference_id": "USN-93-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/93-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129575?format=api", "purl": "pkg:deb/debian/squid@2.5.9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.9-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0626" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9zn-mbvn-wqf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101401?format=api", "vulnerability_id": "VCID-uusw-t2an-subt", "summary": "The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2390.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2390.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21283", "scoring_system": "epss", "scoring_elements": "0.9579", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.21283", "scoring_system": "epss", "scoring_elements": "0.95794", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2390" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308865", "reference_id": "1308865", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308865" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2390" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uusw-t2an-subt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92204?format=api", "vulnerability_id": "VCID-vjfh-zvm8-1bck", "summary": "squid: denial of Service in FTP", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46848.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46848.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46848", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07162", "scoring_system": "epss", "scoring_elements": "0.91726", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46848" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055251", "reference_id": "1055251", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055251" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245919", "reference_id": "2245919", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6266", "reference_id": "RHSA-2023:6266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6268", "reference_id": "RHSA-2023:6268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6748", "reference_id": "RHSA-2023:6748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6748" }, { "reference_url": "https://usn.ubuntu.com/6500-1/", "reference_id": "USN-6500-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6500-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129632?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129633?format=api", "purl": "pkg:deb/debian/squid@6.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-46848" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjfh-zvm8-1bck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101452?format=api", "vulnerability_id": "VCID-vq4z-dh63-dqcr", "summary": "In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46784.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16362", "scoring_system": "epss", "scoring_elements": "0.9498", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.16362", "scoring_system": "epss", "scoring_elements": "0.94988", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46784" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100721", "reference_id": "2100721", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5526", "reference_id": "RHSA-2022:5526", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5526" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5527", "reference_id": "RHSA-2022:5527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5528", "reference_id": "RHSA-2022:5528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5529", "reference_id": "RHSA-2022:5529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5530", "reference_id": "RHSA-2022:5530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5542", "reference_id": "RHSA-2022:5542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5542" }, { "reference_url": "https://usn.ubuntu.com/5491-1/", "reference_id": "USN-5491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129620?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129626?format=api", "purl": "pkg:deb/debian/squid@5.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-46784" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vq4z-dh63-dqcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101418?format=api", "vulnerability_id": "VCID-vtfj-m8fv-67fz", "summary": "The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000027.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000027.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000027", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.65998", "scoring_system": "epss", "scoring_elements": "0.9853", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.65998", "scoring_system": "epss", "scoring_elements": "0.98533", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000027" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000027", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000027" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536942", "reference_id": "1536942", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1068", "reference_id": "RHSA-2020:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1068" }, { "reference_url": "https://usn.ubuntu.com/3557-1/", "reference_id": "USN-3557-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3557-1/" }, { "reference_url": "https://usn.ubuntu.com/4059-2/", "reference_id": "USN-4059-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4059-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1000027" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vtfj-m8fv-67fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92197?format=api", "vulnerability_id": "VCID-vunj-31xk-9bcf", "summary": "squid: Request/Response smuggling in HTTP/1.1 and ICAP", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46846.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46846.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09816", "scoring_system": "epss", "scoring_elements": "0.93123", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054537", "reference_id": "1054537", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054537" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245910", "reference_id": "2245910", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245910" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.1::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.1::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.1::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-46846", "reference_id": "CVE-2023-46846", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-46846" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh", "reference_id": "GHSA-j83v-w3p4-5cqh", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6266", "reference_id": "RHSA-2023:6266", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:6266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6267", "reference_id": "RHSA-2023:6267", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:6267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6268", "reference_id": "RHSA-2023:6268", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:6268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6748", "reference_id": "RHSA-2023:6748", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:6748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6801", "reference_id": "RHSA-2023:6801", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:6801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6803", "reference_id": "RHSA-2023:6803", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:6803" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6804", "reference_id": "RHSA-2023:6804", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:6804" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6810", "reference_id": "RHSA-2023:6810", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:6810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7213", "reference_id": "RHSA-2023:7213", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11049", "reference_id": "RHSA-2024:11049", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T21:18:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:11049" }, { "reference_url": "https://usn.ubuntu.com/6500-1/", "reference_id": "USN-6500-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6500-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129632?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129633?format=api", "purl": "pkg:deb/debian/squid@6.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-46846" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vunj-31xk-9bcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101385?format=api", "vulnerability_id": "VCID-wg99-dwxv-f3ft", "summary": "The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3072.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3072.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72511", "scoring_system": "epss", "scoring_elements": "0.98784", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.72511", "scoring_system": "epss", "scoring_elements": "0.98785", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3072" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630444", "reference_id": "630444", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630444" }, { "reference_url": "https://security.gentoo.org/glsa/201110-24", "reference_id": "GLSA-201110-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201110-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0545", "reference_id": "RHSA-2011:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0545" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-3072" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wg99-dwxv-f3ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101443?format=api", "vulnerability_id": "VCID-wgzx-2d4n-pub4", "summary": "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24606.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24606.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24606", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06342", "scoring_system": "epss", "scoring_elements": "0.91147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06342", "scoring_system": "epss", "scoring_elements": "0.9116", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15811", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15811" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24606" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871705", "reference_id": "1871705", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871705" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968933", "reference_id": "968933", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4082", "reference_id": "RHSA-2020:4082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4743", "reference_id": "RHSA-2020:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "reference_url": "https://usn.ubuntu.com/4477-1/", "reference_id": "USN-4477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4477-1/" }, { "reference_url": "https://usn.ubuntu.com/4551-1/", "reference_id": "USN-4551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129616?format=api", "purl": "pkg:deb/debian/squid@4.13-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-24606" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgzx-2d4n-pub4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101345?format=api", "vulnerability_id": "VCID-wjb2-xee7-r3aj", "summary": "The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0832.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0832.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0832", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12288", "scoring_system": "epss", "scoring_elements": "0.93994", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12288", "scoring_system": "epss", "scoring_elements": "0.94003", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0832" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617307", "reference_id": "1617307", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617307" }, { "reference_url": "https://security.gentoo.org/glsa/200409-04", "reference_id": "GLSA-200409-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200409-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2004:462", "reference_id": "RHSA-2004:462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2004:462" }, { "reference_url": "https://usn.ubuntu.com/19-1/", "reference_id": "USN-19-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/19-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129564?format=api", "purl": "pkg:deb/debian/squid@2.5.6-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.6-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-0832" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wjb2-xee7-r3aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101369?format=api", "vulnerability_id": "VCID-wjz5-fn94-vuay", "summary": "The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain \"odd\" responses.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3258.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3258.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3258", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24101", "scoring_system": "epss", "scoring_elements": "0.96165", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.24101", "scoring_system": "epss", "scoring_elements": "0.96171", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3258" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-3258" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wjz5-fn94-vuay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101356?format=api", "vulnerability_id": "VCID-wnju-cy2b-ducs", "summary": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0175.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0175.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0175", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.77757", "scoring_system": "epss", "scoring_elements": "0.99015", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.77757", "scoring_system": "epss", "scoring_elements": "0.99016", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0175" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0175", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0175" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617480", "reference_id": "1617480", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:060", "reference_id": "RHSA-2005:060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:061", "reference_id": "RHSA-2005:061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:061" }, { "reference_url": "https://usn.ubuntu.com/77-1/", "reference_id": "USN-77-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/77-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129570?format=api", "purl": "pkg:deb/debian/squid@2.5.7-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.7-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0175" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wnju-cy2b-ducs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101349?format=api", "vulnerability_id": "VCID-wsxk-va4y-1yej", "summary": "The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-2654.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-2654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-2654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66675", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66715", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-2654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2654" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129568?format=api", "purl": "pkg:deb/debian/squid@2.5.6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-2654" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wsxk-va4y-1yej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3186?format=api", "vulnerability_id": "VCID-wtj6-hbvh-9qe4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41317.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41317.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41317", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83884", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83861", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41318", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41318" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2022/09/23/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:18:46Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2022/09/23/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020587", "reference_id": "1020587", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020587" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129770", "reference_id": "2129770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129770" }, { "reference_url": "https://security.archlinux.org/AVG-2816", "reference_id": "AVG-2816", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2816" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq", "reference_id": "GHSA-rcg9-7fqm-83mq", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:18:46Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq" }, { "reference_url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch", "reference_id": "SQUID-2022_1.patch", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:18:46Z/" } ], "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch" }, { "reference_url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch", "reference_id": "SQUID-2022_1.patch", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:18:46Z/" } ], "url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch" }, { "reference_url": "https://usn.ubuntu.com/5641-1/", "reference_id": "USN-5641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129629?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129628?format=api", "purl": "pkg:deb/debian/squid@5.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-41317" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wtj6-hbvh-9qe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101399?format=api", "vulnerability_id": "VCID-x2zt-6c9e-xuck", "summary": "Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3455.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3455.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3455", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06474", "scoring_system": "epss", "scoring_elements": "0.9125", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06474", "scoring_system": "epss", "scoring_elements": "0.91263", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3455" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3455", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3455" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218118", "reference_id": "1218118", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2378", "reference_id": "RHSA-2015:2378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2378" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129589?format=api", "purl": "pkg:deb/debian/squid@4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3455" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2zt-6c9e-xuck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101415?format=api", "vulnerability_id": "VCID-x6a1-9sht-uueb", "summary": "client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4555.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4555.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.62841", "scoring_system": "epss", "scoring_elements": "0.98404", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.62841", "scoring_system": "epss", "scoring_elements": "0.98407", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334246", "reference_id": "1334246", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334246" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1139", "reference_id": "RHSA-2016:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1140", "reference_id": "RHSA-2016:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1140" }, { "reference_url": "https://usn.ubuntu.com/2995-1/", "reference_id": "USN-2995-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2995-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4555" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6a1-9sht-uueb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91342?format=api", "vulnerability_id": "VCID-xeks-5rpn-5fb4", "summary": "squid: vulnerable to a Denial of Service attack against Cache Manager error responses", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23638.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23638.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12145", "scoring_system": "epss", "scoring_elements": "0.9396", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260051", "reference_id": "2260051", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4861", "reference_id": "RHSA-2024:4861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9644", "reference_id": "RHSA-2024:9644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9644" }, { "reference_url": "https://usn.ubuntu.com/6728-1/", "reference_id": "USN-6728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129632?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129646?format=api", "purl": "pkg:deb/debian/squid@6.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-23638" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xeks-5rpn-5fb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101377?format=api", "vulnerability_id": "VCID-xrsk-4r8v-xqh2", "summary": "The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1612.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1612.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1612", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13093", "scoring_system": "epss", "scoring_elements": "0.94242", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.13093", "scoring_system": "epss", "scoring_elements": "0.9425", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1612" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1612", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1612" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=439801", "reference_id": "439801", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=439801" }, { "reference_url": "https://security.gentoo.org/glsa/200903-38", "reference_id": "GLSA-200903-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200903-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0214", "reference_id": "RHSA-2008:0214", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0214" }, { "reference_url": "https://usn.ubuntu.com/601-1/", "reference_id": "USN-601-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/601-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129586?format=api", "purl": "pkg:deb/debian/squid@2.6.18-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.6.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-1612" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xrsk-4r8v-xqh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101360?format=api", "vulnerability_id": "VCID-xz37-ydtt-juh5", "summary": "Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0446.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0446.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.65887", "scoring_system": "epss", "scoring_elements": "0.98526", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.65887", "scoring_system": "epss", "scoring_elements": "0.98529", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0446" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617523", "reference_id": "1617523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:173", "reference_id": "RHSA-2005:173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:201", "reference_id": "RHSA-2005:201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:201" }, { "reference_url": "https://usn.ubuntu.com/84-1/", "reference_id": "USN-84-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/84-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129573?format=api", "purl": "pkg:deb/debian/squid@2.5.8-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.8-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0446" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xz37-ydtt-juh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101353?format=api", "vulnerability_id": "VCID-xzre-8mk2-gyfa", "summary": "The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0097.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0097.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.48277", "scoring_system": "epss", "scoring_elements": "0.97792", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.48277", "scoring_system": "epss", "scoring_elements": "0.97795", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0097" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617458", "reference_id": "1617458", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:060", "reference_id": "RHSA-2005:060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:061", "reference_id": "RHSA-2005:061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:061" }, { "reference_url": "https://usn.ubuntu.com/67-1/", "reference_id": "USN-67-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/67-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129569?format=api", "purl": "pkg:deb/debian/squid@2.5.7-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.7-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0097" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xzre-8mk2-gyfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101347?format=api", "vulnerability_id": "VCID-y8s6-9ezw-e7a2", "summary": "Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-2479.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-2479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-2479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0103", "scoring_system": "epss", "scoring_elements": "0.77663", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0103", "scoring_system": "epss", "scoring_elements": "0.7769", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-2479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2479" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617425", "reference_id": "1617425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:766", "reference_id": "RHSA-2005:766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:766" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129566?format=api", "purl": "pkg:deb/debian/squid@2.5.8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-2479" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y8s6-9ezw-e7a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5190?format=api", "vulnerability_id": "VCID-yfe1-64pn-gbgc", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41611.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41611.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41611", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78575", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78602", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41611" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010685", "reference_id": "2010685", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010685" }, { "reference_url": "https://security.archlinux.org/AVG-1667", "reference_id": "AVG-1667", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1667" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129618?format=api", "purl": "pkg:deb/debian/squid@5.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-41611" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfe1-64pn-gbgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87764?format=api", "vulnerability_id": "VCID-yhrb-q44p-c3bk", "summary": "squid: Denial of Service processing ESI response content", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45802.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45802.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.76389", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45802" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322154", "reference_id": "2322154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322154" }, { "reference_url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj", "reference_id": "GHSA-f975-v7qw-q7hj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T14:47:34Z/" } ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9624", "reference_id": "RHSA-2024:9624", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9625", "reference_id": "RHSA-2024:9625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9644", "reference_id": "RHSA-2024:9644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9677", "reference_id": "RHSA-2024:9677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9678", "reference_id": "RHSA-2024:9678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9729", "reference_id": "RHSA-2024:9729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9738", "reference_id": "RHSA-2024:9738", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9738" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9813", "reference_id": "RHSA-2024:9813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9814", "reference_id": "RHSA-2024:9814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9815", "reference_id": "RHSA-2024:9815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9815" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129652?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129656?format=api", "purl": "pkg:deb/debian/squid@6.12-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.12-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45802" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhrb-q44p-c3bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101402?format=api", "vulnerability_id": "VCID-z9fz-nr3a-vqar", "summary": "Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2569.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2569.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2569", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70316", "scoring_system": "epss", "scoring_elements": "0.98702", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.70316", "scoring_system": "epss", "scoring_elements": "0.98703", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2569" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312257", "reference_id": "1312257", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312257" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2600", "reference_id": "RHSA-2016:2600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2600" }, { "reference_url": "https://usn.ubuntu.com/3557-1/", "reference_id": "USN-3557-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3557-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2569" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z9fz-nr3a-vqar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101343?format=api", "vulnerability_id": "VCID-z9sc-3ube-abaq", "summary": "Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password (\"pass\" variable).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0541.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0541.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0541", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76951", "scoring_system": "epss", "scoring_elements": "0.98977", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.76951", "scoring_system": "epss", "scoring_elements": "0.98978", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0541" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0541" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617226", "reference_id": "1617226", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617226" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16847.rb", "reference_id": "CVE-2004-0541;OSVDB-6791", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16847.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9951.rb", "reference_id": "CVE-2004-0541;OSVDB-6791", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9951.rb" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2004:242", "reference_id": "RHSA-2004:242", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2004:242" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129563?format=api", "purl": "pkg:deb/debian/squid@2.5.5-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@2.5.5-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-0541" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z9sc-3ube-abaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101428?format=api", "vulnerability_id": "VCID-ze1z-qhyc-8ygm", "summary": "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12525.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12525.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12525", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.54551", "scoring_system": "epss", "scoring_elements": "0.98073", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.54551", "scoring_system": "epss", "scoring_elements": "0.98075", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12525" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12525", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12525" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730535", "reference_id": "1730535", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2040", "reference_id": "RHSA-2020:2040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2041", "reference_id": "RHSA-2020:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2041" }, { "reference_url": "https://usn.ubuntu.com/4065-1/", "reference_id": "USN-4065-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4065-1/" }, { "reference_url": "https://usn.ubuntu.com/4065-2/", "reference_id": "USN-4065-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4065-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129604?format=api", "purl": "pkg:deb/debian/squid@4.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12525" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ze1z-qhyc-8ygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101389?format=api", "vulnerability_id": "VCID-zq3z-pce4-5udp", "summary": "Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4115.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4115.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75061", "scoring_system": "epss", "scoring_elements": "0.98893", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.75061", "scoring_system": "epss", "scoring_elements": "0.98895", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4115" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=983653", "reference_id": "983653", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=983653" }, { "reference_url": "https://security.gentoo.org/glsa/201309-22", "reference_id": "GLSA-201309-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1148", "reference_id": "RHSA-2014:1148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1148" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4115" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zq3z-pce4-5udp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101405?format=api", "vulnerability_id": "VCID-ztr3-ygr2-ffbf", "summary": "http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2572.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2572.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11159", "scoring_system": "epss", "scoring_elements": "0.93627", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11159", "scoring_system": "epss", "scoring_elements": "0.93637", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2572" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312262", "reference_id": "1312262", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312262" }, { "reference_url": "https://security.gentoo.org/glsa/201607-01", "reference_id": "GLSA-201607-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2600", "reference_id": "RHSA-2016:2600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2600" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129559?format=api", "purl": "pkg:deb/debian/squid@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129554?format=api", "purl": "pkg:deb/debian/squid@4.13-10%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129552?format=api", "purl": "pkg:deb/debian/squid@5.7-2%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-7sua-wuyu-cqby" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@5.7-2%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129556?format=api", "purl": "pkg:deb/debian/squid@6.13-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5tpw-u7cg-hqd7" }, { "vulnerability": "VCID-pshb-b8z8-gqhm" }, { "vulnerability": "VCID-qyjc-znbd-dub6" }, { "vulnerability": "VCID-rv56-tjvg-bbbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@6.13-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129555?format=api", "purl": "pkg:deb/debian/squid@7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@7.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2572" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztr3-ygr2-ffbf" } ], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/squid@4.13-10%252Bdeb11u3%3Fdistro=trixie" }