| purl | pkg:deb/debian/varnish@1.0.2-2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-4fbk-5fwk-efbd, Aliases: CVE-2017-8807 | security update | Affected by 10 other vulnerabilities. Affected by 8 other vulnerabilities. |
| VCID-fgjt-z1kd-nbct, Aliases: CVE-2015-8852 | Improper input validation in Varnish allows remote attackers to conduct HTTP smuggling attacks, and possibly trigger a buffer overflow. | Affected by 13 other vulnerabilities. Affected by 10 other vulnerabilities. |
| VCID-hery-ps62-9kf5, Aliases: CVE-2019-15892 | varnish: denial of service handling certain crafted HTTP/1 requests | Affected by 8 other vulnerabilities. Affected by 5 other vulnerabilities. |
| VCID-hpb7-1n1t-n3em, Aliases: CVE-2022-45060 VSV00011 | varnish: Request Forgery Vulnerability | Affected by 5 other vulnerabilities. |
| VCID-j1qj-kj7k-v7fx, Aliases: CVE-2025-47905 VSV00016 | varnish: request smuggling attacks | Affected by 3 other vulnerabilities. |
| VCID-mbcb-cn8g-zfgw, Aliases: CVE-2022-23959 | varnish: HTTP/1 request smuggling vulnerability | Affected by 8 other vulnerabilities. Affected by 5 other vulnerabilities. |
| VCID-nrzf-yt7d-x7dh, Aliases: CVE-2009-2936 | The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless." | Affected by 13 other vulnerabilities. |
| VCID-ntj2-zryg-tubp, Aliases: CVE-2013-4090 | Varnish HTTP cache before 3.0.4: ACL bug | Affected by 10 other vulnerabilities. |
| VCID-pww8-5fsd-1kcz, Aliases: CVE-2025-30346 VSV00015 | varnish: Client-Side Desynchronization in Varnish Cache | Affected by 3 other vulnerabilities. |
| VCID-r7t1-a958-d7dg, Aliases: CVE-2021-36740 | varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request | Affected by 8 other vulnerabilities. Affected by 5 other vulnerabilities. |
| VCID-rn5t-3pup-kbbv, Aliases: CVE-2019-20637 | varnish: not clearing pointer between two client requests leads to information disclosure | Affected by 5 other vulnerabilities. |
| VCID-tnwn-h2wc-q7c4, Aliases: CVE-2017-12425 | security update | Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 8 other vulnerabilities. |
| VCID-wm39-aehq-cyfb, Aliases: CVE-2020-11653 | varnish: remote clients may cause Varnish to assert and restart which could result in DoS | Affected by 5 other vulnerabilities. |
| VCID-z4zn-dpfs-j7cq, Aliases: CVE-2013-4484 | Multiple vulnerabilities have been found in Varnish, the worst of which could allow a remote attacker to create a Denial of Service condition. | Affected by 13 other vulnerabilities. Affected by 10 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |