410 matches found
SUSE CVE-2024-37894
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack...
AZL-42871 CVE-2024-37894 affecting package squid 5.7-5
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack...
UBUNTU-CVE-2024-37894
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack...
CVE-2024-37894 Squid vulnerable to heap corruption in ESI assign
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack...
CVE-2024-37894
CVE-2024-37894 affects Squid, a web proxy cache. The vulnerability is an out-of-bounds write when assigning ESI variables, causing memory corruption and potentially Denial of Service. Connected advisories confirm the issue across multiple distributions and provide fixes: Debian DSA-5751-1 and DLA...
Sensitive Information Disclosure
Symfony is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the FragmentHandler considering all fragment render requests as coming from a trusted source, regardless of their origin, due to the inability to distinguish between legitimate ESI requests by a trusted proxy...
GHSA-WVJV-P5RR-MMQM Symfony allows direct access of ESI URLs behind a trusted proxy
All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5....
Symfony allows direct access of ESI URLs behind a trusted proxy
All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5....
Important: squid
Issue Overview: A flaw was found in squid. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements ...
Dell ESI for SAP LAMA Information Disclosure Vulnerability
Dell ESI for SAP LAMA is a software solution that integrates SAP LaMa with Dell products from Dell USA. An information disclosure vulnerability exists in Dell ESI for SAP LAMA version 10.0, which can be exploited by an attacker to obtain administrator-level credentials by eavesdropping on network...
Dell Enterprise Storage Integrator Access Control Error Vulnerability
Dell Enterprise Storage Integrator Dell ESI is a storage application from Dell USA. An Access Control Error vulnerability exists in Dell Enterprise Storage Integrator version 10.0, which stems from an incorrect access control vulnerability contained in the EHAC component. No details of the...
CVE-2023-39245
DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...
CVE-2023-39244
DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...
Information disclosure
DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...
Information disclosure
DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...
CVE-2023-39245
DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...
CVE-2023-39245
Dell ESI for SAP LaMa (LAMA) version 10.0 is affected by an information-disclosure vulnerability in the EHAC component. An unauthenticated remote attacker could potentially eavesdrop network traffic to obtain administrator-level credentials. The CVE-2023-39245 entry is rated CRITICAL (CVSS 3.1: A...
CVE-2023-39245
DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...
CVE-2023-39244
CVE-2023-39244 affects Dell ESI (Enterprise Storage Integrator) for SAP LAMA 10.0, specifically the EHAC component. The connected documents confirm an information-disclosure vulnerability that can be exploited by a remote, unauthenticated attacker who eavesdrops network traffic to obtain admin-le...
CVE-2023-39244
DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...