Vulnerabilities > Varnish Software

DATE CVE VULNERABILITY TITLE RISK
2023-08-23 CVE-2023-41104 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Varnish-Software Varnish Enterprise and Vmod Digest
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.
network
low complexity
varnish-software CWE-119
6.5
2022-11-09 CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. 7.5
2022-01-26 CVE-2022-23959 HTTP Request Smuggling vulnerability in multiple products
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
9.1
2021-07-14 CVE-2021-36740 HTTP Request Smuggling vulnerability in multiple products
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request.
6.5
2020-04-08 CVE-2020-11653 Reachable Assertion vulnerability in multiple products
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2.
7.5
2020-04-08 CVE-2019-20637 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1.
7.5
2019-09-03 CVE-2019-15892 Reachable Assertion vulnerability in multiple products
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1.
7.5
2017-08-04 CVE-2017-12425 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2.
7.5