80 matches found

Tenable Nessus
added 2026/05/09 12:0 a.m. | 6 views

Unity Linux 20.1070e Security Update: varnish (UTSA-2026-017377)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017377 advisory. In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before...

9.1 CVSS | 5.8 AI score | 0.01957 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/13 1:20 p.m. | 4 views

CVE-2026-40394

A flaw was found in Varnish Cache and Varnish Enterprise. A remote attacker can trigger a denial of service by sending specific amounts of prefetched data during an HTTP/2 session upgrade. This vulnerability, known as a "workspace overflow," occurs when the system attempts to allocate a buffer,...

7.5 CVSS | 5.8 AI score | 0.00236 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/13 10:49 a.m. | 4 views

CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

7.5 CVSS | 5.9 AI score | 0.00236 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/13 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-40395

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish Enterprise before 6.0.16r12 allows a workspace overflow denial of service daemon panic for shared VCL. The headerplus.writereq0 function from...

7.5 CVSS | 5.9 AI score | 0.00236 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/04/12 9:30 p.m. | 8 views

EUVD-2026-21740

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

4 CVSS | 5.9 AI score | 0.00236 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/04/12 9:30 p.m. | 8 views

EUVD-2026-21738

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...

4 CVSS | 6 AI score | 0.00236 EPSS
Exploits: 0 | References: 2

NVD
added 2026/04/12 8:16 p.m. | 14 views

CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

7.5 CVSS | 0.00236 EPSS
Exploits: 0 | References: 1

NVD
added 2026/04/12 8:16 p.m. | 4 views

CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...

7.5 CVSS | 0.00236 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2026/04/12 8:16 p.m. | 9 views

CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

7.5 CVSS | 5.8 AI score | 0.00236 EPSS
Exploits: 0 | References: 2

OSV
added 2026/04/12 8:16 p.m. | 2 views

UBUNTU-CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

7.5 CVSS | 5.9 AI score | 0.00236 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/12 7:21 p.m. | 3 views

CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

4 CVSS | 5.9 AI score | 0.00236 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/12 7:21 p.m. | 1 views

CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

4 CVSS | 5.9 AI score | 0.00236 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/04/12 7:21 p.m. | 25 views

CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

4 CVSS | 0.00236 EPSS
Exploits: 0 | References: 1

CVE
added 2026/04/12 7:21 p.m. | 11 views

CVE-2026-40395

CVE-2026-40395 affects Varnish Enterprise prior to 6.0.16r12. A workspace overflow can occur in the vmod_headerplus module when header fields are excessive in a modified req0, causing a daemon panic and Denial of Service. Details in multiple sources describe the root cause as the headerplus.write...

7.5 CVSS | 5.9 AI score | 0.00236 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Debian CVE
added 2026/04/12 7:21 p.m. | 3 views

CVE-2026-40395

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...

7.5 CVSS | 5.6 AI score | 0.00236 EPSS
Exploits: 0

CNNVD
added 2026/04/12 12:0 a.m. | 9 views

Varnish Enterprise Security Vulnerability

Varnish Enterprise is a high-performance caching software developed by the Varnish company. It is designed for handling high-traffic scenarios and optimizing business operations. Versions of Varnish Enterprise prior to 6.0.16r12 contained security vulnerabilities. These vulnerabilities stemmed fr...

7.5 CVSS | 5.9 AI score | 0.00236 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/04/12 12:0 a.m. | 5 views

Varnish Cache and Varnish Enterprise Security Vulnerability

Varnish Cache and Varnish Enterprise are both products from the Varnish company. Varnish Cache is a set of reverse website caching servers. Varnish Enterprise is a high-performance caching software designed for handling high-traffic and optimizing businesses. There were security vulnerabilities i...

7.5 CVSS | 5.9 AI score | 0.00236 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/12 12:0 a.m. | 5 views

PT-2026-32184

Name of the Vulnerable Software and Affected Versions Varnish Enterprise versions prior to 6.0.16r12 Description Varnish Enterprise versions before 6.0.16r12 are susceptible to a denial of service daemon panic due to a workspace overflow when handling shared VCL. The headerplus.write req0 functio...

4 CVSS | 5.9 AI score | 0.00236 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/03/30 10:54 a.m. | 10 views

CVE-2026-34475

A flaw was found in Varnish Cache and Varnish Enterprise. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 requests with a path of / in the URL. This mishandling of URLs, specifically in unchecked req.url scenarios, could lead to cache poisoning, where an...

5.4 CVSS | 5.9 AI score | 0.00202 EPSS
Exploits: 1 | References: 4

EUVD
added 2026/03/27 9:31 p.m. | 9 views

EUVD-2026-16801

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...

5.4 CVSS | 5.9 AI score | 0.00202 EPSS
Exploits: 1 | References: 2