Lucene search
K

410 matches found

SUSE CVE
SUSE CVE
added 2024/06/26 11:18 p.m.4 views

SUSE CVE-2024-37894

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack...

6.3CVSS7AI score0.06255EPSS
Exploits0References7
OSV
OSV
added 2024/06/25 8:15 p.m.7 views

AZL-42871 CVE-2024-37894 affecting package squid 5.7-5

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack...

6.3CVSS6.6AI score0.06255EPSS
Exploits0References1
OSV
OSV
added 2024/06/25 8:15 p.m.1 views

UBUNTU-CVE-2024-37894

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack...

6.3CVSS5.8AI score0.06255EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/25 7:39 p.m.27 views

CVE-2024-37894 Squid vulnerable to heap corruption in ESI assign

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack...

6.3CVSS6.9AI score0.06255EPSS
Exploits0References3
CVE
CVE
added 2024/06/25 7:39 p.m.163 views

CVE-2024-37894

CVE-2024-37894 affects Squid, a web proxy cache. The vulnerability is an out-of-bounds write when assigning ESI variables, causing memory corruption and potentially Denial of Service. Connected advisories confirm the issue across multiple distributions and provide fixes: Debian DSA-5751-1 and DLA...

6.3CVSS6.5AI score0.06255EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2024/06/03 7:23 a.m.26 views

Sensitive Information Disclosure

Symfony is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the FragmentHandler considering all fragment render requests as coming from a trusted source, regardless of their origin, due to the inability to distinguish between legitimate ESI requests by a trusted proxy...

6.6AI score0.00812EPSS
Exploits0
OSV
OSV
added 2024/05/30 12:46 a.m.19 views

GHSA-WVJV-P5RR-MMQM Symfony allows direct access of ESI URLs behind a trusted proxy

All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5....

7.5CVSS5.9AI score0.00812EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/30 12:46 a.m.28 views

Symfony allows direct access of ESI URLs behind a trusted proxy

All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5....

6.5AI score0.00812EPSS
Exploits0References6Affected Software2
Amazon
Amazon
added 2024/04/01 12:0 a.m.3 views

Important: squid

Issue Overview: A flaw was found in squid. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements ...

9.3CVSS7.3AI score0.05765EPSS
Exploits0
CNVD
CNVD
added 2024/02/22 12:0 a.m.20 views

Dell ESI for SAP LAMA Information Disclosure Vulnerability

Dell ESI for SAP LAMA is a software solution that integrates SAP LaMa with Dell products from Dell USA. An information disclosure vulnerability exists in Dell ESI for SAP LAMA version 10.0, which can be exploited by an attacker to obtain administrator-level credentials by eavesdropping on network...

9.8CVSS6.3AI score0.0045EPSS
Exploits0References1
CNVD
CNVD
added 2024/02/22 12:0 a.m.18 views

Dell Enterprise Storage Integrator Access Control Error Vulnerability

Dell Enterprise Storage Integrator Dell ESI is a storage application from Dell USA. An Access Control Error vulnerability exists in Dell Enterprise Storage Integrator version 10.0, which stems from an incorrect access control vulnerability contained in the EHAC component. No details of the...

9.8CVSS6.8AI score0.00491EPSS
Exploits0References1
NVD
NVD
added 2024/02/15 1:15 p.m.10 views

CVE-2023-39245

DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...

9.8CVSS9.3AI score0.0045EPSS
Exploits0References1
NVD
NVD
added 2024/02/15 1:15 p.m.13 views

CVE-2023-39244

DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...

9.8CVSS7.2AI score0.00491EPSS
Exploits0References1
Prion
Prion
added 2024/02/15 1:15 p.m.21 views

Information disclosure

DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...

7.5CVSS7.1AI score0.00491EPSS
Exploits0References1
Prion
Prion
added 2024/02/15 1:15 p.m.19 views

Information disclosure

DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...

7.5CVSS7.4AI score0.0045EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/15 1:3 p.m.13 views

CVE-2023-39245

DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...

9.8CVSS9.3AI score0.0045EPSS
Exploits0References1
CVE
CVE
added 2024/02/15 1:3 p.m.34 views

CVE-2023-39245

Dell ESI for SAP LaMa (LAMA) version 10.0 is affected by an information-disclosure vulnerability in the EHAC component. An unauthenticated remote attacker could potentially eavesdrop network traffic to obtain administrator-level credentials. The CVE-2023-39245 entry is rated CRITICAL (CVSS 3.1: A...

9.8CVSS9.1AI score0.0045EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/15 1:3 p.m.13 views

CVE-2023-39245

DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...

9.8CVSS6.9AI score0.0045EPSS
Exploits0References1
CVE
CVE
added 2024/02/15 12:56 p.m.90 views

CVE-2023-39244

CVE-2023-39244 affects Dell ESI (Enterprise Storage Integrator) for SAP LAMA 10.0, specifically the EHAC component. The connected documents confirm an information-disclosure vulnerability that can be exploited by a remote, unauthenticated attacker who eavesdrops network traffic to obtain admin-le...

9.8CVSS7.1AI score0.00491EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/15 12:56 p.m.24 views

CVE-2023-39244

DELL ESI Enterprise Storage Integrator for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials...

7.3CVSS7.4AI score0.00491EPSS
Exploits0References1
Rows per page
Query Builder