FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b0c83e1a-8153-11ec-84f9-641c67a117d8varnish -- Request Smuggling Vulnerability

Varnish Cache Project reports:

A request smuggling attack can be performed on HTTP/1 connections on Varnish Cache servers. The smuggled request would be treated as an additional request by the Varnish server, go through normal VCL processing, and injected as a spurious response on the client connection.


Discovery 2022-01-25
Entry 2022-01-29
varnish6
lt 6.6.2

varnish4
lt 4.1.11r6

CVE-2022-23959
https://varnish-cache.org/security/VSV00008.html
https://docs.varnish-software.com/security/VSV00008/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959
2d4076eb-f679-11e9-a87f-a4badb2f4699varnish -- Information Disclosure Vulnerability

Varnish Software reports:

A bug has been discovered in Varnish Cache where we fail to clear a pointer between the handling of one client requests and the next on the same connection. This can under specific circumstances lead to information being leaked from the connection workspace.


Discovery 2019-10-21
Entry 2019-10-24
varnish6
lt 6.3.1

https://varnish-cache.org/security/VSV00004.html#vsv00004
ce231189-ce56-11e9-9fa0-0050569f0b83www/varnish6 -- Denial of Service

The Varnish Team reports:

A failure in HTTP/1 parsing can allow a remote attacker to trigger an assertion in varnish, restarting the daemon and clearing the cache.


Discovery 2019-09-02
Entry 2019-09-03
varnish6
lt 6.2.1

https://varnish-cache.org/security/VSV00003.html