[go: up one dir, main page]
|
|
Subscribe / Log in / New account

Search results

Query:
Filters:
Content typeCategories
 LWN Feature article
 Guest article
 News item
 Email item
 Security alert
 Security vulnerability
 Kernel patch
 Comment		  Announcements
 Briefs
 Commerce
 Development
 Distributions
 Front
 Kernel
 Legal
 Letters
 Press
 Security
Order by: relevance date

Search results

SUSE security update to firefox-esr
([Security] Posted Dec 16, 2024 14:04 UTC (Mon) by jake )

CVE-2020-26953
  * CVE-2020-26954
  * CVE-2020-26955
  * CVE-2020-26956
  * CVE-2020-26957
  * CVE-2020-26958
  * CVE-2020-26959
  * CVE-2020-26960
  * CVE-2020-26961
  * CVE-2020-26962
  * CVE-2020-26963
  * CVE-2020-26964
  * CVE-2020-26965
  * CVE-2020-26966
  * CVE-2020-26967
  * CVE-2020-26968
  * CVE-2020-26969
  * CVE-2020-26971
  * CVE-2020-26972
  * CVE-2020-26973
  * CVE-2020-26974
  * CVE-2020-26975
  * CVE-2020-26976
  * CVE-2020-26977
  * CVE-2020-26978
  * CVE-2020-26979
  * CVE-2020-35111
  * CVE-2020-35112
  * CVE-2020-35113
  * CVE-2020-35114
  * CVE-2020-6463
  * CVE-2020-6514
  * CVE-2020-6796
  * CVE-2020-6797
  * CVE-2020-6798
  * CVE-2020-6799
  * CVE-2020-6800
  * CVE-2020-6801
  * CVE-2020-6805
  * CVE-2020-6806
  * CVE-2020-6807
  * CVE-2020-6808
  * CVE-2020-6809
  * CVE-2020-6810
  * CVE-2020-6811
  * CVE-2020-6812
  * CVE-2020-6813
  * CVE-2020-6814
  * CVE-2020-6815
  * CVE-2020-6819
  * CVE-2020-6820
  * CVE-2020-6821
  * CVE-2020-6822
  * CVE-2020-6823
  * CVE-2020-6824
  * CVE-2020-6825
  * CVE-2020-6826
  * CVE-2020-6829
  * CVE-2020-6831
  * CVE-2021-23953
  * CVE-2021-23954
  * CVE-2021-23955
  * CVE-2021-23956
  * CVE-2021-23957
  * CVE-2021-23958
  * CVE-2021-23959

SUSE security update to varnish
([Security] Posted Jun 16, 2022 12:16 UTC (Thu) by jake )

CVE-2021-4122 CVE-2022-23959
CVSS scores:
                    CVE-2021-4122 (SUSE): 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
                    CVE-2022-23959 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-23959 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR

Ubuntu security update to varnish
([Security] Posted Jun 9, 2022 12:52 UTC (Thu) by jake )

CVE-2019-20637)

It was discovered that Varnish Cache could have an assertion failure when a
TLS termination proxy uses PROXY version 2. A remote attacker could possibly
use this issue to restart the daemon and cause a performance loss.
(CVE-2020-11653)

It was discovered that Varnish Cache allowed request smuggling and VCL
authorization bypass via a large Content-Length header for a POST
request. A remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2021-36740)

It was discovered that Varnish Cache allowed request smuggling for HTTP/1
connections. A remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2022-23959

SUSE security update to varnish
([Security] Posted May 27, 2022 13:00 UTC (Fri) by jake )

CVE-2021-36740 CVE-2022-23959
CVSS scores:
                    CVE-2021-36740 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2021-36740 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23959 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR

Debian security update to varnish
([Security] Posted Mar 4, 2022 14:21 UTC (Fri) by jake )

CVE ID         : CVE-2021-36740 CVE-2022-23959
Debian Bug     : 991040 1004433

Brief introduction 

CVE-2021-36740

    Martin Blix Grydeland discovered that Varnish is vulnerable to
    request smuggling attacks if the HTTP/2 protocol is enabled.

CVE-2022-23959

    James Kettle discovered a request smuggling attack against the
    HTTP/1 protocol implementation

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds