Lucene search
K

39 matches found

Vulnrichment
Vulnrichment
added 2026/04/12 7:23 p.m.1 views

CVE-2026-40396

Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service daemon panic after timeoutlinger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread timeoutlinger and resume traffic before the session is closed timeoutidle...

4CVSS5.9AI score0.00347EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/12 7:23 p.m.4 views

CVE-2026-40396

Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service daemon panic after timeoutlinger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread timeoutlinger and resume traffic before the session is closed timeoutidle...

4CVSS5.9AI score0.00347EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/12 7:23 p.m.35 views

CVE-2026-40396

Varnish Cache 9 prior to 9.0.1 is affected by a workspace overflow DoS (daemon panic) that can be triggered by a malicious HTTP/1 request sequence: after timeout_linger releases a worker thread, resuming traffic with multiple requests before the session closes (timeout_idle) can cause a pipelinin...

7.5CVSS5.9AI score0.00347EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/04/12 7:23 p.m.7 views

CVE-2026-40396

Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service daemon panic after timeoutlinger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread timeoutlinger and resume traffic before the session is closed timeoutidle...

7.5CVSS5.5AI score0.00347EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/12 7:21 p.m.3 views

CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

4CVSS5.9AI score0.00236EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/12 7:21 p.m.26 views

CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

4CVSS0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/12 7:21 p.m.1 views

CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

4CVSS5.9AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/04/12 7:21 p.m.16 views

CVE-2026-40395

CVE-2026-40395 affects Varnish Enterprise prior to 6.0.16r12. A workspace overflow can occur in the vmod_headerplus module when header fields are excessive in a modified req0, causing a daemon panic and Denial of Service. Details in multiple sources describe the root cause as the headerplus.write...

7.5CVSS5.9AI score0.00236EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/04/12 7:21 p.m.3 views

CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

7.5CVSS5.6AI score0.00236EPSS
Exploits0
CVE
CVE
added 2026/04/12 7:17 p.m.42 views

CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 are affected by a workspace overflow during HTTP/2 session upgrade. The vulnerability arises when the HTTP/2 upgrade path repurposes an HTTP/1 request as stream zero and allocates a buffer to reserve space for frames, which can ...

7.5CVSS6AI score0.00236EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/12 7:17 p.m.22 views

CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...

4CVSS0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/12 7:17 p.m.4 views

CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...

4CVSS6AI score0.00236EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/12 7:17 p.m.4 views

CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...

4CVSS6AI score0.00236EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/04/12 7:17 p.m.10 views

CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...

7.5CVSS5.6AI score0.00236EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.5 views

PT-2026-32184

Name of the Vulnerable Software and Affected Versions Varnish Enterprise versions prior to 6.0.16r12 Description Varnish Enterprise versions before 6.0.16r12 are susceptible to a denial of service daemon panic due to a workspace overflow when handling shared VCL. The headerplus.write req0 functio...

4CVSS5.9AI score0.00236EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.6 views

PT-2026-32183

Name of the Vulnerable Software and Affected Versions Varnish Cache versions prior to 9.0.1 Varnish Enterprise versions prior to 6.0.16r11 Description Varnish Cache and Varnish Enterprise are susceptible to a denial of service daemon panic due to a workspace overflow. This occurs when handling...

4CVSS6.1AI score0.00236EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/12 12:0 a.m.9 views

Varnish Enterprise 安全漏洞

Varnish Enterprise is a high-performance caching software developed by the Varnish company. It is designed for handling high-traffic scenarios and optimizing business operations. Versions of Varnish Enterprise prior to 6.0.16r12 contained security vulnerabilities. These vulnerabilities stemmed fr...

7.5CVSS5.9AI score0.00236EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.4 views

PT-2026-32185

Name of the Vulnerable Software and Affected Versions Varnish Cache versions prior to 9.0.1 Description Varnish Cache 9 before 9.0.1 is susceptible to a denial of service due to a workspace overflow, potentially leading to a daemon panic. A malicious client can exploit this by sending an HTTP/1...

4CVSS5.8AI score0.00347EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/05/11 1:7 p.m.4 views

pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)

The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...

9.8CVSS7.7AI score0.0843EPSS
Exploits1References4
Rows per page
Query Builder