FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b0c83e1a-8153-11ec-84f9-641c67a117d8varnish -- Request Smuggling Vulnerability

Varnish Cache Project reports:

A request smuggling attack can be performed on HTTP/1 connections on Varnish Cache servers. The smuggled request would be treated as an additional request by the Varnish server, go through normal VCL processing, and injected as a spurious response on the client connection.


Discovery 2022-01-25
Entry 2022-01-29
varnish6
< 6.6.2

varnish4
< 4.1.11r6

CVE-2022-23959
https://varnish-cache.org/security/VSV00008.html
https://docs.varnish-software.com/security/VSV00008/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959
2d4076eb-f679-11e9-a87f-a4badb2f4699varnish -- Information Disclosure Vulnerability

Varnish Software reports:

A bug has been discovered in Varnish Cache where we fail to clear a pointer between the handling of one client requests and the next on the same connection. This can under specific circumstances lead to information being leaked from the connection workspace.


Discovery 2019-10-21
Entry 2019-10-24
varnish6
< 6.3.1

https://varnish-cache.org/security/VSV00004.html#vsv00004
ce231189-ce56-11e9-9fa0-0050569f0b83www/varnish6 -- Denial of Service

The Varnish Team reports:

A failure in HTTP/1 parsing can allow a remote attacker to trigger an assertion in varnish, restarting the daemon and clearing the cache.


Discovery 2019-09-02
Entry 2019-09-03
varnish6
< 6.2.1

https://varnish-cache.org/security/VSV00003.html
5b8d8dee-6088-11ed-8c5e-641c67a117d8varnish -- HTTP/2 Request Forgery Vulnerability

Varnish Cache Project reports:

A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This may in turn be used to successfully exploit vulnerabilities in a server behind the Varnish server.


Discovery 2022-11-08
Entry 2022-11-09
varnish7
< 7.2.1

varnish6
le 6.6.2

https://varnish-cache.org/security/VSV00011.html