Vulnerabilities > Varnish Software > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-23 | CVE-2023-41104 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Varnish-Software Varnish Enterprise and Vmod Digest libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. | 6.5 |
| 2021-07-14 | CVE-2021-36740 | HTTP Request Smuggling vulnerability in multiple products Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. network low complexity varnish-cache varnish-cache-project varnish-software fedoraproject debian CWE-444 | 6.5 |