Lucene search
+L

116 matches found

OSV
OSV
added 2023/08/23 12:0 a.m.15 views

CVE-2023-41104

libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL Varnish Configuration...

6.5CVSS7.2AI score0.0049EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2022/11/23 12:0 a.m.29 views

Fedora: Security Advisory for varnish-modules (FEDORA-2022-0d5dcc031e)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.5AI score0.0121EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/11/10 8:56 p.m.29 views

CVE-2022-45060

An HTTP Request Forgery issue was discovered in Varnish Cache. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could be used to exploit...

7.5CVSS0.5AI score0.00936EPSS
Exploits0References5
Fedora
Fedora
added 2022/08/30 9:6 a.m.44 views

[SECURITY] Fedora 36 Update: varnish-modules-0.19.0-5.fc36

This is a collection of modules "vmods" extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey...

7.5CVSS0.8AI score0.0117EPSS
Exploits0
Amazon
Amazon
added 2022/08/23 12:0 a.m.33 views

Important: varnish

Issue Overview: A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language VCL processing since the Varnish server treats it as an...

9.1CVSS8.6AI score0.01973EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2022/06/15 12:0 a.m.75 views

Security update for varnish (moderate)

SUSE Security Update: Security update for varnish Announcement ID: openSUSE-SU-2022:0144-1 Rating: moderate References: 1194469 1195188 Cross-References: CVE-2021-4122 CVE-2022-23959 CVSS scores: CVE-2021-4122 SUSE: 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-23959 NVD : 9.1...

7.4CVSS6.7AI score0.01973EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/05/28 12:0 a.m.28 views

openSUSE 15 Security Update : varnish (openSUSE-SU-2022:0148-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0148-1 advisory. - Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST...

9.1CVSS7.2AI score0.01973EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2022/03/04 12:0 a.m.72 views

Debian DSA-5088-1 : varnish - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5088 advisory. - Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affect...

9.1CVSS7.2AI score0.01973EPSS
Exploits0References9
Fedora
Fedora
added 2022/02/16 1:28 a.m.37 views

[SECURITY] Fedora 35 Update: varnish-modules-0.18.0-5.fc35

This is a collection of modules "vmods" extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey...

9.1CVSS0.8AI score0.01973EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2021-0387)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.8AI score0.01599EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/01/27 1:58 p.m.50 views

CVE-2022-23959

A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language VCL processing since the Varnish server treats it as an additional request...

9.1CVSS2.4AI score0.01973EPSS
Exploits0References4
OSV
OSV
added 2021/09/30 11:3 a.m.3 views

OESA-2021-1374 varnish security update

This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...

6.5CVSS6.6AI score0.01599EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/08/03 12:0 a.m.51 views

Oracle Linux 8 : varnish:6 (ELSA-2021-2988)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2988 advisory. - Resolves: 1982861 - CVE-2021-36740 varnish:6/varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request varnish-modules...

6.5CVSS6.8AI score0.01599EPSS
Exploits0References2
Mageia
Mageia
added 2021/07/28 8:0 p.m.63 views

Updated varnish packages fix a security vulnerability

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8...

6.5CVSS2.7AI score0.01599EPSS
Exploits0References3
Fedora
Fedora
added 2021/07/25 1:3 a.m.52 views

[SECURITY] Fedora 34 Update: varnish-modules-0.17.1-2.fc34

This is a collection of modules "vmods" extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey...

6.5CVSS0.8AI score0.01599EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2021/07/14 7:25 p.m.63 views

CVE-2021-36740

A flaw was found in Varnish. The Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. As a result, this flaw allows the information on the Varnish cache to be poisoned. The highest threat from this...

8.1CVSS1.2AI score0.01599EPSS
Exploits0References4
NVD
NVD
added 2021/07/14 5:15 p.m.20 views

CVE-2021-36740

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8...

6.5CVSS0.01599EPSS
Exploits0References7
OSV
OSV
added 2021/07/14 5:15 p.m.32 views

CVE-2021-36740

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8...

6.5CVSS6.7AI score
Exploits0References7
OSV
OSV
added 2021/07/14 5:15 p.m.2 views

ALPINE-CVE-2021-36740

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8...

6.5CVSS7AI score0.01599EPSS
Exploits0References1
OSV
OSV
added 2021/07/14 5:15 p.m.1 views

DEBIAN-CVE-2021-36740

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8...

6.5CVSS6.7AI score0.01599EPSS
Exploits0References1
Rows per page
Query Builder