29 matches found
SUSE CVE-2017-12425
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...
EUVD-2017-3998
Malware in sbrugna...
EUVD-2017-17750
Malware in sbrugna...
CVE-2013-4090
Varnish HTTP cache before 3.0.4: ACL bug...
Ubuntu 16.04 ESM : Varnish vulnerability (USN-4824-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4824-1 advisory. It was discovered that Varnish incorrectly handled certain inputs. A remote attacker could possibly use this issue to obtain sensitive information. Tenable has...
Mageia: Security Advisory (MGASA-2017-0435)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-4090
Varnish HTTP cache before 3.0.4: ACL bug...
CVE-2013-4090
Varnish HTTP cache before 3.0.4: ACL bug...
CVE-2013-4090
Varnish HTTP cache before 3.0.4: ACL bug...
CVE-2013-4090
Varnish HTTP cache before 3.0.4: ACL bug...
CVE-2013-4090
Varnish HTTP cache before 3.0.4: ACL bug...
CVE-2013-4090
CVE-2013-4090 concerns the Varnish HTTP cache before 3.0.4, due to an ACL bug in the access control logic. Affected component is the Varnish ACL handling in versions prior to 3.0.4. The practical impact is an integrity issue (I:H in CVSS v3.1) with potentially improper access control, as indicate...
[ASA-201711-29] varnish: information disclosure
Arch Linux Security Advisory ASA-201711-29 ========================================== Severity: Medium Date : 2017-11-26 CVE-ID : CVE-2017-8807 Package : varnish Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-502 Summary ======= The package varnish before...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
Design/Logic Flaw
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
CVE-2017-8807
Varnish Cache CVE-2017-8807 affects 4.1.x before 4.1.9 and 5.x before 5.2.1. The flaw is in vbf_stp_error in bin/varnishd/cache/cache_fetch.c where a VFP_GetStorage buffer is larger than intended during -sfile Stevedore transient objects, allowing remote attackers to read memory from the process....
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...