VYPR

rpm package

opensuse/vinyl-cache&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/vinyl-cache&distro=openSUSE%20Tumbleweed

Vulnerabilities (9)

  • CVE-2026-50052LowJun 3, 2026
    affected < 9.0.1-1.1fixed 9.0.1-1.1

    In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smuggling), which in turn can be used for cache poisoning, authentication bypass, or possibly even information di

  • CVE-2025-30346Mar 21, 2025
    affected < 9.0.0-1.1fixed 9.0.0-1.1

    Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 9.0.0-1.1fixed 9.0.0-1.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2022-45060Nov 9, 2022
    affected < 9.0.0-1.1fixed 9.0.0-1.1

    An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish ser

  • CVE-2022-45059Nov 9, 2022
    affected < 9.0.0-1.1fixed 9.0.0-1.1

    An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to

  • CVE-2022-38150Aug 11, 2022
    affected < 9.0.0-1.1fixed 9.0.0-1.1

    In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.

  • CVE-2022-23959Jan 26, 2022
    affected < 9.0.0-1.1fixed 9.0.0-1.1

    In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.

  • CVE-2019-15892Sep 3, 2019
    affected < 9.0.0-1.1fixed 9.0.0-1.1

    An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a

  • CVE-2013-4484Nov 1, 2013
    affected < 9.0.0-1.1fixed 9.0.0-1.1

    Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.