Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 18 results


CVE-2024-30156

Medium priority
Needs evaluation

Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.

1 affected packages

varnish

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
varnish Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-45060

Medium priority
Needs evaluation

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context...

1 affected packages

varnish

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
varnish Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-45059

Medium priority
Needs evaluation

An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish...

1 affected packages

varnish

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
varnish Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-38150

Medium priority
Needs evaluation

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend...

1 affected packages

varnish

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
varnish Not affected Not affected Not affected Not affected Needs evaluation
Show less packages

CVE-2022-23959

Medium priority

Some fixes available 4 of 11

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.

1 affected packages

varnish

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
varnish Needs evaluation Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2021-36740

Medium priority

Some fixes available 2 of 4

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x...

1 affected packages

varnish

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
varnish Not affected Fixed Not affected Not affected
Show less packages

CVE-2021-28543

Medium priority
Not affected

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is...

1 affected packages

varnish-modules

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
varnish-modules Not in release Not affected Not in release
Show less packages

CVE-2020-11653

Low priority

Some fixes available 1 of 2

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and...

1 affected packages

varnish

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
varnish Not affected Fixed Not affected Not affected
Show less packages

CVE-2019-20637

Medium priority

Some fixes available 2 of 3

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the...

1 affected packages

varnish

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
varnish Not affected Fixed Fixed Not affected
Show less packages

CVE-2013-4090

Medium priority
Not affected

Varnish HTTP cache before 3.0.4: ACL bug

1 affected packages

varnish

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
varnish Not affected Not affected
Show less packages