Vulnerabilities > Varnish Cache

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-36740 HTTP Request Smuggling vulnerability in multiple products
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. 		6.5
6.5
2021-03-16 CVE-2021-28543 Reachable Assertion vulnerability in multiple products
Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations.
network
low complexity
varnish-cache fedoraproject CWE-617
7.5
7.5
2020-04-08 CVE-2020-11653 Reachable Assertion vulnerability in multiple products
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. 		7.5
7.5
2020-04-08 CVE-2019-20637 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. 		5.0
5.0
2017-11-16 CVE-2017-8807 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects. 		6.4
6.4
2017-08-04 CVE-2017-12425 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. 		5.0
5.0
2013-11-01 CVE-2013-4484 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI. 		5.0
5.0