3 matches found
CVE-2026-50052
In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...
CVE-2024-57952 Revert "libfs: fix infinite directory reads for offset dir"
In the Linux kernel, the following vulnerability has been resolved: Revert "libfs: fix infinite directory reads for offset dir" The current directory offset allocator based on mtreealloccyclic stores the next offset value to return in octx-nextoffset. This mechanism typically returns values that...
CVE-2021-29052
Affected products: Liferay Portal 7.3.0–7.3.5 and Liferay DXP 7.3 before fix pack 1. Issue: Data Engine module fails to check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, enabling remote authenticated users to view DDMStructures via GET API call...