No patches have been issued for 35 of 55 security vulnerabilities impacting the popular open-source caching and forwarding proxy Squid that were identified two years ago, according to SecurityWeek. Attackers could leverage many of the flaws to trigger crashes, while some could prompt arbitrary code execution against more than 2.5 million internet-exposed Squid proxy instances, said security researcher Joshua Rogers, who discovered and reported the bugs.
Source: SC Magazine