Vulnerabilities > Varnish Cache Project > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
7.5
2022-11-09 CVE-2022-45059 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. 		7.5
7.5
2022-11-09 CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. 7.5
7.5
2022-08-11 CVE-2022-38150 In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses.
network
low complexity
varnish-cache-project fedoraproject
7.5
7.5
2020-02-12 CVE-2013-4090 Unspecified vulnerability in Varnish Cache Project Varnish Cache
Varnish HTTP cache before 3.0.4: ACL bug
network
low complexity
varnish-cache-project
7.5
7.5
2019-09-03 CVE-2019-15892 Reachable Assertion vulnerability in multiple products
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. 		7.5
7.5
2017-08-04 CVE-2017-12425 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. 		7.5
7.5
2016-04-25 CVE-2015-8852 Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
network
low complexity
varnish-cache-project debian
7.5
7.5