410 matches found
Apache Traffic Server(ATS) 资源管理错误漏洞
Apache Traffic Server ATS is the United States Apache Apache Foundation's set of scalable HTTP proxy and caching server. A resource management error vulnerability exists in Apache Traffic Server ATS versions 10.0.0 through 10.0.5 and 9.0.0 through 9.2.10, which stems from the ESI plugin not...
CVE-2023-4372
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
RHEL 9 : squid (RHSA-2024:9625)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9625 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Denial of...
CLSA-2025-1736860159 squid: Fix of 2 CVEs
CVE-2024-23638: Fix Denial of Service attack against Cache Manager error responses - CVE-2024-37894: Fix Out-of-bounds Write error when assigning ESI variables...
PT-2025-25773 · Apache +1 · Apache Traffic Server +1
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 9.0.0 through 9.2.10 Apache Traffic Server versions 10.0.0 through 10.0.5 Description: The issue allows excessive memory consumption if malicious instructions are inserted due to the lack of a limit for maximum...
CVE-2024-56620
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace:...
CVE-2024-56620
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace:...
AZL-55183 CVE-2024-56620 affecting package kernel for versions less than 6.6.90.1-1
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace:...
UBUNTU-CVE-2024-56620
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace:...
CVE-2024-56620 scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace:...
CVE-2024-56620
In CVE-2024-56620, the Linux kernel fix targets the SCSI: ufs: qcom path. The bug occurs when platform MSI resources are freed even if ESI is not enabled, leading to a NULL pointer dereference (Unable to handle kernel NULL pointer dereference at 0x8) during device removal. The impact is a local f...
CVE-2024-56620
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace:...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference issue in the scsi ufs driver caused by not properly releasing platform MSIs when...
ROS-20241203-14
Squid proxy server vulnerability is related to errors in input data processing. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending specially crafted ESI packets. specially crafted ESI packets...
CLSA-2024-1732704094 squid: Fix of CVE-2024-45802
CVE-2024-45802: disable ESI...
squid: Fix of CVE-2024-45802
CVE-2024-45802: disable ESI...
squid34: Fix of CVE-2024-45802
CVE-2024-45802: disable ESI...
CLSA-2024-1732702046 squid: Fix of CVE-2024-45802
CVE-2024-45802: Fix DoS by a trusted server by disabling ESI...
squid security update
7:3.5.20-17.0.3 - Disable ESI support CVE-2024-45802Orabug: 37289058...
RockyLinux 8 : squid:4 (RLSA-2024:9644)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9644 advisory. squid: vulnerable to a Denial of Service attack against Cache Manager error responses CVE-2024-23638 squid: Denial of Service processing ESI response...