rpm package
opensuse/varnish&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/varnish&distro=openSUSE%20Leap%2015.4
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-45060 | — | | | < 7.2.1-bp154.2.9.1 | 7.2.1-bp154.2.9.1 | Nov 9, 2022 | An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish ser |
| CVE-2022-45059 | — | | | < 7.2.1-bp154.2.9.1 | 7.2.1-bp154.2.9.1 | Nov 9, 2022 | An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to |
| CVE-2021-4122 | — | | | < 7.1.0-bp154.2.3.1 | 7.1.0-bp154.2.3.1 | Aug 24, 2022 | It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryptio |
| CVE-2022-38150 | — | | | < 7.1.1-bp154.2.6.1 | 7.1.1-bp154.2.6.1 | Aug 11, 2022 | In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1. |