116 matches found
CVE-2026-40395
Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...
CVE-2026-40395
Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...
CVE-2026-40395
Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...
CVE-2026-40395
Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...
CVE-2026-40395
Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...
PT-2026-32184
Name of the Vulnerable Software and Affected Versions Varnish Enterprise versions prior to 6.0.16r12 Description Varnish Enterprise versions before 6.0.16r12 are susceptible to a denial of service daemon panic due to a workspace overflow when handling shared VCL. The headerplus.write req0 functio...
EUVD-2014-1023
Malware in sbrugna...
EUVD-2018-3780
Malware in sbrugna...
EUVD-2018-3781
Malware in sbrugna...
EUVD-2013-0295
Malware in sbrugna...
EUVD-2018-3782
Malware in sbrugna...
EUVD-2024-54303
Malicious code in bioql PyPI...
EUVD-2024-54302
Malicious code in bioql PyPI...
MAL-2025-6142 Malicious code in @verge-vcl-react/data-grid (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c4f54ea3248c3fdbfda6a6a07da73bfd9f07ecceb0e4104dae677ae6452aaae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2018-11773
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...
CVE-2018-11772
Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node if any was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...
CVE-2018-11774
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...
CVE-2024-53678
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned by the SELECT statement is not viewable by th...
CVE-2024-53679
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevate...
CVE-2024-53679
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevate...