Vulnerabilities > Varnish Software

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-23	CVE-2023-41104	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Varnish-Software Varnish Enterprise and Vmod Digest libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. network low complexity varnish-software CWE-119	6.5
2022-11-09	CVE-2022-45060	An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. network low complexity varnish-software varnish-cache-project fedoraproject debian	7.5
2022-01-26	CVE-2022-23959	HTTP Request Smuggling vulnerability in multiple products In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. network low complexity varnish-software varnish-cache-project fedoraproject debian CWE-444 critical	9.1
2021-07-14	CVE-2021-36740	HTTP Request Smuggling vulnerability in multiple products Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. network low complexity varnish-cache varnish-cache-project varnish-software fedoraproject debian CWE-444	6.5
2020-04-08	CVE-2020-11653	Reachable Assertion vulnerability in multiple products An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. network low complexity varnish-cache varnish-software opensuse debian CWE-617	7.5
2020-04-08	CVE-2019-20637	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. network low complexity varnish-cache varnish-software opensuse CWE-212	7.5
2019-09-03	CVE-2019-15892	Reachable Assertion vulnerability in multiple products An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. network low complexity varnish-cache-project varnish-software debian CWE-617	7.5
2017-08-04	CVE-2017-12425	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. network low complexity varnish-cache varnish-cache-project varnish-software CWE-190	7.5

Vulnerabilities > Varnish Software {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Varnish Software"}]}

Vulnerabilities > Varnish Software