Lucene search
+L
Varnish-softwareVarnish Enterprise

6 matches found

CVE
CVE
added 2025/03/21 12:0 a.m.175 views

CVE-2025-30346

Varnish Cache and Varnish Enterprise are affected by CVE-2025-30346: a HTTP/1 client-side desync vulnerability that can be triggered by malformed HTTP/1 requests. Affected versions are Varnish Cache prior to 7.6.2 and Varnish Enterprise prior to 6.0.13r10. The vulnerability description in connect...

5.4CVSS7.1AI score0.00289EPSS
CVE
CVE
added 2025/03/21 12:0 a.m.67 views

CVE-2025-30347

CVE-2025-30347 affects Varnish Enterprise prior to 6.0.13r13. The issue is an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects, enabling remote attackers to obtain sensitive information. The provided sources confirm the affected product/version and the basic impact (infor...

7.5CVSS6.6AI score0.00325EPSS
CVE
CVE
added 2023/08/23 12:0 a.m.54 views

CVE-2023-41104

Affected software: libvmod-digest (pre-1.0.3) used with Varnish Enterprise 6.0.x up to 6.0.11r5. Issue: out-of-bounds memory access during base64 decoding in libvmod-digest can cause authentication bypass and information disclosure; exact attack surface depends on the VCL configuration. Impact: a...

6.5CVSS6.5AI score0.0049EPSS
CVE
CVE
added 2026/04/12 7:17 p.m.44 views

CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 are affected by a workspace overflow during HTTP/2 session upgrade. The vulnerability arises when the HTTP/2 upgrade path repurposes an HTTP/1 request as stream zero and allocates a buffer to reserve space for frames, which can ...

7.5CVSS6AI score0.00236EPSS
CVE
CVE
added 2026/03/27 7:40 p.m.26 views

CVE-2026-34475

CVE-2026-34475 affects Varnish Cache (Open Source) ≤ 8.0.0 and Varnish Enterprise ≤ 6.0.16r11, where an unchecked req.url in HTTP/1.1 requests with a root path (/) can be passed to backends that accept absolute-form URIs, enabling cache poisoning or authentication bypass. The issue stems from how...

9.8CVSS5.9AI score0.00202EPSS
CVE
CVE
added 2026/04/12 7:21 p.m.18 views

CVE-2026-40395

CVE-2026-40395 affects Varnish Enterprise prior to 6.0.16r12. A workspace overflow can occur in the vmod_headerplus module when header fields are excessive in a modified req0, causing a daemon panic and Denial of Service. Details in multiple sources describe the root cause as the headerplus.write...

7.5CVSS5.9AI score0.00236EPSS