29 matches found
MAL-2025-8600 Malicious code in @malware-test-dorsa-frati-emong-broke/test-mlw3-dorsa-frati-emong-broke (npm)
The package @malware-test-dorsa-frati-emong-broke/test-mlw3-dorsa-frati-emong-broke was found to contain malicious code...
CVE-2025-39398
CVE-2025-39398 is a Missing Authorization vulnerability in the WordPress plugin/theme bundle “Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue” (Bellevuex) affecting versions up to 4.2.2. The vulnerability is categorized as Broken Access Control with a CVSS v3.1 base score of 4.3 (Medi...
Alibaba Cloud Linux 3 : 0083: varnish (ALINUX3-SA-2024:0083)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0083 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-30156: Varnish Cache before 7.3.2 and 7.4....
Rocky Linux 9 : varnish (RLSA-2024:1691)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1691 advisory. - Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2...
Rocky Linux 8 : varnish (RLSA-2024:1690)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1690 advisory. - Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2...
Mageia: Security Advisory (MGASA-2024-0124)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2024-0124 Updated varnish packages fix security vulnerability
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack. CVE-2024-30156...
Updated varnish packages fix security vulnerability
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack. CVE-2024-30156...
OESA-2024-1415 varnish security update
This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...
Broke Window Attack
Varnish Cache, Varnish Enterprise is vulnerable to a Broke Window Attack. The vulnerability is due to exhaustion of credits for an HTTP/2 connection control flow window...
AlmaLinux 8 : varnish (ALSA-2024:1690)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1690 advisory. varnish: HTTP/2 Broken Window Attack may result in denial of service CVE-2024-30156 Tenable has extracted the preceding description block directly from the AlmaLin...
AlmaLinux 9 : varnish (ALSA-2024:1691)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1691 advisory. - Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2...
Oracle Linux 9 : varnish (ELSA-2024-1691)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1691 advisory. - Resolves: RHEL-30387 - varnish: HTTP/2 Broken Window Attack may result in denial of service CVE-2024-30156 - Add parameters h2rstallowance and...
SUSE CVE-2024-30156
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack...
DEBIAN-CVE-2024-30156
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack...
CVE-2024-30156
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack...
CVE-2024-30156
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack...
ALPINE-CVE-2024-30156
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack...
UBUNTU-CVE-2024-30156
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack...
CVE-2024-30156
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack...