99 matches found
CVE-2024-42256 cifs: Fix server re-repick on subrequest retry
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry When a subrequest is marked for needing retry, netfs will call cifs_prepare_write which will make cifs repick the server for the op before renegotiating credits; it then calls...
PT-2024-7517 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the smb2 async writev function in the Linux kernel, which is responsible for handling server re-repick on subrequest retry. When a subrequest is marked for...
kernel: NFS: Fix a potential data corruption
A logic error was found in the Linux kernel's NFS client implementation in the write request retransmission handling for O_DIRECT operations. A local user performing direct I/O writes over NFS can trigger this issue when the server completes writes synchronously and network conditions require...
AZL-55796 CVE-2023-52582 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: netfs: Only call folio_start_fscache one time for each folio If a network filesystem using netfs implements a clamp_length function, it can set subrequest lengths smaller than a page size. When we loop through the folios in...
SUSE CVE-2010-0434
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain...
CVE-2021-41267
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2,...
The vulnerability of the ngx_http_lua_subrequest.c component in the OpenResty web server allows an attacker to compromise data integrity.
The vulnerability of the ngx_http_lua_subrequest.c component in the OpenResty web server is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability could allow a malicious actor to compromise data integrity from a remote location...
OpenResty Environment Issues Vulnerabilities
OpenResty is a web application server based on Nginx and Lua, developed by the OpenResty company of China. An environment issue vulnerability exists in the ngx_http_lua_subrequest.c file in OpenResty versions prior to 1.15.8.4. The vulnerability stems from an unreasonable environmental...
UBUNTU-CVE-2020-11724
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API...
CVE-2018-16833
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI...
Debian DSA-2035-1 : apache2 - multiple issues
Two issues have been found in the Apache HTTPD web server: - CVE-2010-0408 mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger...
CVE-2010-0434
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain...
Apache Httpd < 2.2.15 : Subrequest handling of request headers (mod_headers)
A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as mod_headers which may manipulate the inp...
Apache Httpd < 2.0.64 : Subrequest handling of request headers (mod_headers)
A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as mod_headers which may manipulate the inp...
Security Flaw in pam_per_user Module
Summary/Impact: There is a security flaw in the pam_per_user PAM module that can allow someone to authenticate as any user on the system, provided that they already have the proper credentials for one account. This security hole is fixed in pam_per_user-0.4, which is available from:...
CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes
More info at https://symfony.com/cve-2026-48489...