VYPR

rpm package

suse/varnish&distro=SUSE Package Hub 15 SP4

pkg:rpm/suse/varnish&distro=SUSE%20Package%20Hub%2015%20SP4

Vulnerabilities (4)

  • CVE-2022-45060Nov 9, 2022
    affected < 7.2.1-bp154.2.9.1fixed 7.2.1-bp154.2.9.1

    An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish ser

  • CVE-2022-45059Nov 9, 2022
    affected < 7.2.1-bp154.2.9.1fixed 7.2.1-bp154.2.9.1

    An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to

  • CVE-2021-4122Aug 24, 2022
    affected < 7.1.0-bp154.2.3.1fixed 7.1.0-bp154.2.3.1

    It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryptio

  • CVE-2022-38150Aug 11, 2022
    affected < 7.1.1-bp154.2.6.1fixed 7.1.1-bp154.2.6.1

    In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.