18 matches found
CVE-2026-41017
Apache Airflow's JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default...
EUVD-2020-3996
Malware in sbrugna...
Rocky Linux 8 : varnish:6 (RLSA-2020:4756)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4756 advisory. - An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to...
Ubuntu: Security Advisory (USN-5474-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Varnish Cache vulnerabilities (USN-5474-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5474-1 advisory. It was dicovered that Varnish Cache did not clear a pointer between the handling of one client request and the next request withi...
Mageia: Security Advisory (MGASA-2020-0154)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : varnish:6 (ELSA-2020-4756)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4756 advisory. - Resolves: 1790907 - CVE-2019-20637 varnish: not clearing pointer between two client requests leads to information disclosure - Resolves: 1763958 -...
OPENSUSE-SU-2020:0819-1 Security update for varnish
This update for varnish fixes the following issues: - CVE-2019-20637: Fixed an information leak when handling one client request and the next on the same connection boo1169040 - CVE-2020-11653: Fixed a performance loss due to an assertion failure and daemon restart when communicating with TLS...
Security update for varnish (moderate)
openSUSE Security Update: Security update for varnish Announcement ID: openSUSE-SU-2020:0808-1 Rating: moderate References: 1169039 1169040 Cross-References: CVE-2019-20637 CVE-2020-11653 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description:...
Security update for varnish (moderate)
openSUSE Security Update: Security update for varnish Announcement ID: openSUSE-SU-2020:0819-1 Rating: moderate References: 1169039 1169040 Cross-References: CVE-2019-20637 CVE-2020-11653 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...
OPENSUSE-SU-2020:0808-1 Security update for varnish
This update for varnish fixes the following issues: - CVE-2019-20637: Fixed an information leak when handling one client request and the next on the same connection boo1169040 - CVE-2020-11653: Fixed a performance loss due to an assertion failure and daemon restart when communicating with TLS...
DEBIAN-CVE-2020-11653
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss...
CVE-2020-11653
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss...
CVE-2020-11653
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss...
CVE-2020-11653
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss...
PT-2020-12751 · Varnish +6 · Varnish Cache +6
Name of the Vulnerable Software and Affected Versions: Varnish Cache versions prior to 6.0.6 LTS Varnish Cache versions 6.1.x Varnish Cache versions 6.2.x prior to 6.2.3 Varnish Cache versions 6.3.x prior to 6.3.2 Description: An issue occurs in Varnish Cache when communication with a TLS...
MGASA-2020-0154 Updated varnish packages fix security vulnerability
Updated varnish packages fix security vulnerability: An assert can be triggered in Varnish Cache when using Varnish with a TLS termination proxy, and the proxy and Varnish use the PROXY version 2. The assert will cause Varnish to restart, and the cache will be empty after the restart VSV00005...
Updated varnish packages fix security vulnerability
Updated varnish packages fix security vulnerability: An assert can be triggered in Varnish Cache when using Varnish with a TLS termination proxy, and the proxy and Varnish use the PROXY version 2. The assert will cause Varnish to restart, and the cache will be empty after the restart VSV00005...