
23 matches found

CNNVD
added 2026/04/12 12:0 a.m., 2 views

Varnish Enterprise Security Vulnerability

Varnish Enterprise is a high-performance caching software developed by the Varnish company. It is designed for handling high-traffic scenarios and optimizing business operations. Versions of Varnish Enterprise prior to 6.0.16r12 contained security vulnerabilities. These vulnerabilities stemmed fr...

CVSS: 7.5, AI score: 5.9, EPSS: 0.0006
Exploits: 0, References: 1

Snyk
added 2026/03/17 4:45 a.m., 4 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the ucl_object_emit function when operating in UCL_PARSER_ZERO_COPY mode and processing input containing a key with an embedded null byte. An attacker can cause a segmentation fault and disrupt service by submitting...

CVSS: 8.3, AI score: 5.8, EPSS: 0.00121
Exploits: 1, References: 2

NVD
added 2026/03/17 4:16 a.m., 0 views

CVE-2026-0708

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ucl_object_emit function when parsing and emitting the...

CVSS: 8.3, EPSS: 0.00121
Exploits: 1, References: 3

Cvelist
added 2026/03/17 2:28 a.m., 29 views

CVE-2026-0708 Libucl: libucl: denial of service via embedded null byte in ucl input

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ucl_object_emit function when parsing and emitting the...

CVSS: 8.3, EPSS: 0.00121
Exploits: 1, References: 3

Positive Technologies
added 2026/03/17 12:0 a.m., 5 views

PT-2026-25869

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ucl_object_emit function when parsing and emitting the...

CVSS: 8.3, AI score: 5.8, EPSS: 0.00121
Exploits: 1, References: 3

EUVD
added 2025/10/10 10:21 a.m., 2 views

EUVD-2025-33700

A Trusted Types in scripts not enforced in CSP vulnerability has been identified in HCL AION. This issue affects AION: 2.0...

CVSS: 3.7, AI score: 6.5, EPSS: 0.00035
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-15219

Malware in sbrugna...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00918
Exploits: 0, References: 4

OpenVAS
added 2022/08/01 12:0 a.m., 8 views

Fedora: Security Advisory for golang-starlark (FEDORA-2022-5038c3236c)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

AI score: 7.5
Exploits: 0, References: 2

Fedora
added 2022/07/31 1:37 a.m., 10 views

[SECURITY] Fedora 36 Update: golang-starlark-0-0.8.20210113gite81fc95.fc36

Starlark is a dialect of Python intended for use as a configuration language. Like Python, it is an untyped dynamic language with high-level data types, first-class functions with lexical scope, and garbage collection. Unlike CPython, independent Starlark threads execute in parallel, so Starlark...

AI score: 7.1
Exploits: 0

Fedora
added 2022/07/13 2:0 a.m., 28 views

[SECURITY] Fedora 36 Update: golang-starlark-0-0.7.20210113gite81fc95.fc36

Starlark is a dialect of Python intended for use as a configuration language. Like Python, it is an untyped dynamic language with high-level data types, first-class functions with lexical scope, and garbage collection. Unlike CPython, independent Starlark threads execute in parallel, so Starlark...

CVSS: 9.3, AI score: 8.1, EPSS: 0.00963
Exploits: 4

RedHat Linux
added 2022/05/25 8:9 a.m., 3 views

varnish: HTTP/1 request smuggling vulnerability

A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language (VCL) processing since the Varnish server treats it as an additional request...

CVSS: 9.1, AI score: 7, EPSS: 0.00344
Exploits: 0, References: 5

Positive Technologies
added 2022/02/28 12:0 a.m., 1 views

PT-2022-16799 · Hashicorp · Nomad Enterprise +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions prior to 1.0.17; HashiCorp Nomad and Nomad Enterprise versions prior to 1.1.12; HashiCorp Nomad and Nomad Enterprise versions prior to 1.2.6. Description: The issue allows for invalid HCL for the job...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00834
Exploits: 0, References: 14

RedHat Linux
added 2022/02/03 12:12 p.m., 0 views

varnish: HTTP/1 request smuggling vulnerability

A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language (VCL) processing since the Varnish server treats it as an additional request...

CVSS: 9.1, AI score: 7, EPSS: 0.00344
Exploits: 0, References: 5

RedHat Linux
added 2022/02/03 12:3 p.m., 1 views

varnish: HTTP/1 request smuggling vulnerability

A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language (VCL) processing since the Varnish server treats it as an additional request...

CVSS: 9.1, AI score: 7, EPSS: 0.00344
Exploits: 0, References: 5

Kitploit
added 2021/09/29 11:30 a.m., 35 views

Kodex - A Privacy And Security Engineering Toolkit: Discover, Understand, Pseudonymize, Anonymize, Encrypt And Securely Share Sensitive And Personal Data: Privacy And Security As Code

Kodex (Community Edition - CE) is an open-source toolkit for privacy and security engineering. It helps you to automate data security and data protection measures in your data engineering workflows. It offers the following functionality: Read data items from a variety of sources such as files,...

AI score: 7
Exploits: 0, References: 2

OSV
added 2021/05/06 5:29 p.m., 1 views

GHSA-8VV3-JXM8-F4VF Prototype Pollution in connie-lang

The package connie-lang before 0.1.1 is vulnerable to Prototype Pollution in the configuration language library used by connie...

CVSS: 9.8, AI score: 5.9, EPSS: 0.01718
Exploits: 1, References: 3

OSV
added 2021/03/16 3:15 p.m., 4 views

CVE-2021-28543

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, ...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00918
Exploits: 0, References: 2

Prion
added 2021/03/16 3:15 p.m., 25 views

Null pointer dereference

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, ...

CVSS: 5, AI score: 7.4, EPSS: 0.00918
Exploits: 0, References: 2, Affected Software: 3

Debian CVE
added 2021/03/16 2:43 p.m., 25 views

CVE-2021-28543

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, ...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00918
Exploits: 0

NVD
added 2020/08/18 10:15 a.m., 11 views

CVE-2020-7706

The package connie-lang before 0.1.1 is vulnerable to Prototype Pollution in the configuration language library used by connie...

CVSS: 9.8, AI score: 9.5, EPSS: 0.01718
Exploits: 1, References: 2