VulnerableCode Package Details - pkg:deb/debian/varnish@4.0.2-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/varnish@4.0.2-1

Essentials
History (57)

purl	pkg:deb/debian/varnish@4.0.2-1

Next non-vulnerable version	7.7.3-2
Latest non-vulnerable version	7.7.3-2
Risk	4.1

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-4fbk-5fwk-efbd Aliases: CVE-2017-8807	security update	5.0.0-7+deb9u2 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.1.1-1+deb10u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hery-ps62-9kf5 Aliases: CVE-2019-15892	varnish: denial of service handling certain crafted HTTP/1 requests	6.1.1-1+deb10u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.5.1-1+deb11u3 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hpb7-1n1t-n3em Aliases: CVE-2022-45060 VSV00011	varnish: Request Forgery Vulnerability	6.5.1-1+deb11u3 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-j1qj-kj7k-v7fx Aliases: CVE-2025-47905 VSV00016	varnish: request smuggling attacks	7.1.1-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mbcb-cn8g-zfgw Aliases: CVE-2022-23959	varnish: HTTP/1 request smuggling vulnerability	6.1.1-1+deb10u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.5.1-1+deb11u3 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-pww8-5fsd-1kcz Aliases: CVE-2025-30346 VSV00015	varnish: Client-Side Desynchronization in Varnish Cache	7.1.1-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-r7t1-a958-d7dg Aliases: CVE-2021-36740	varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request	6.1.1-1+deb10u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.5.1-1+deb11u3 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rn5t-3pup-kbbv Aliases: CVE-2019-20637	varnish: not clearing pointer between two client requests leads to information disclosure	6.5.1-1+deb11u3 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tnwn-h2wc-q7c4 Aliases: CVE-2017-12425	security update	4.0.2-1+deb8u1 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.0.0-7+deb9u2 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.1.1-1+deb10u3 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wm39-aehq-cyfb Aliases: CVE-2020-11653	varnish: remote clients may cause Varnish to assert and restart which could result in DoS	6.5.1-1+deb11u3 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-fgjt-z1kd-nbct	Improper input validation in Varnish allows remote attackers to conduct HTTP smuggling attacks, and possibly trigger a buffer overflow.	CVE-2015-8852
VCID-ntj2-zryg-tubp	Varnish HTTP cache before 3.0.4: ACL bug	CVE-2013-4090
VCID-z4zn-dpfs-j7cq	Multiple vulnerabilities have been found in Varnish, the worst of which could allow a remote attacker to create a Denial of Service condition.	CVE-2013-4484

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T00:12:45.172190+00:00	Debian Oval Importer	Affected by	VCID-tnwn-h2wc-q7c4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:37:06.259776+00:00	Debian Oval Importer	Fixing	VCID-ntj2-zryg-tubp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:33:46.979590+00:00	Debian Oval Importer	Affected by	VCID-j1qj-kj7k-v7fx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:32:25.780684+00:00	Debian Oval Importer	Affected by	VCID-hery-ps62-9kf5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T22:26:41.671971+00:00	Debian Oval Importer	Affected by	VCID-rn5t-3pup-kbbv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:46:23.246416+00:00	Debian Oval Importer	Affected by	VCID-r7t1-a958-d7dg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:40:13.814660+00:00	Debian Oval Importer	Affected by	VCID-mbcb-cn8g-zfgw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:33:42.994129+00:00	Debian Oval Importer	Affected by	VCID-hpb7-1n1t-n3em	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:16:28.835556+00:00	Debian Oval Importer	Affected by	VCID-pww8-5fsd-1kcz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:01:44.168541+00:00	Debian Oval Importer	Affected by	VCID-4fbk-5fwk-efbd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:45:00.554767+00:00	Debian Oval Importer	Fixing	VCID-z4zn-dpfs-j7cq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:25:26.623704+00:00	Debian Oval Importer	Affected by	VCID-wm39-aehq-cyfb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:34:41.034167+00:00	Debian Oval Importer	Fixing	VCID-fgjt-z1kd-nbct	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:04:45.485447+00:00	Debian Oval Importer	Affected by	VCID-mbcb-cn8g-zfgw	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-15T14:51:47.094170+00:00	Debian Oval Importer	Affected by	VCID-r7t1-a958-d7dg	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-15T14:41:15.930860+00:00	Debian Oval Importer	Affected by	VCID-hery-ps62-9kf5	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-15T14:11:59.824029+00:00	Debian Oval Importer	Affected by	VCID-4fbk-5fwk-efbd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:09:28.042703+00:00	Debian Oval Importer	Affected by	VCID-tnwn-h2wc-q7c4	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T13:52:10.851687+00:00	Debian Oval Importer	Affected by	VCID-tnwn-h2wc-q7c4	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-11T23:46:35.677445+00:00	Debian Oval Importer	Affected by	VCID-tnwn-h2wc-q7c4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:12:02.384613+00:00	Debian Oval Importer	Fixing	VCID-ntj2-zryg-tubp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:08:50.823980+00:00	Debian Oval Importer	Affected by	VCID-j1qj-kj7k-v7fx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:07:37.157465+00:00	Debian Oval Importer	Affected by	VCID-hery-ps62-9kf5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T22:03:50.774670+00:00	Debian Oval Importer	Affected by	VCID-rn5t-3pup-kbbv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:27:18.298484+00:00	Debian Oval Importer	Affected by	VCID-r7t1-a958-d7dg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:21:19.042340+00:00	Debian Oval Importer	Affected by	VCID-mbcb-cn8g-zfgw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:14:59.916348+00:00	Debian Oval Importer	Affected by	VCID-hpb7-1n1t-n3em	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:59:55.005004+00:00	Debian Oval Importer	Affected by	VCID-pww8-5fsd-1kcz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:45:47.637373+00:00	Debian Oval Importer	Affected by	VCID-4fbk-5fwk-efbd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:31:49.291210+00:00	Debian Oval Importer	Fixing	VCID-z4zn-dpfs-j7cq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:12:40.712076+00:00	Debian Oval Importer	Affected by	VCID-wm39-aehq-cyfb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:22:38.382622+00:00	Debian Oval Importer	Fixing	VCID-fgjt-z1kd-nbct	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:53:03.005141+00:00	Debian Oval Importer	Affected by	VCID-mbcb-cn8g-zfgw	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-11T14:40:01.666850+00:00	Debian Oval Importer	Affected by	VCID-r7t1-a958-d7dg	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-11T14:29:34.295850+00:00	Debian Oval Importer	Affected by	VCID-hery-ps62-9kf5	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-11T14:00:32.159509+00:00	Debian Oval Importer	Affected by	VCID-4fbk-5fwk-efbd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:58:01.474991+00:00	Debian Oval Importer	Affected by	VCID-tnwn-h2wc-q7c4	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:40:51.794474+00:00	Debian Oval Importer	Affected by	VCID-tnwn-h2wc-q7c4	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-08T23:18:50.311082+00:00	Debian Oval Importer	Affected by	VCID-tnwn-h2wc-q7c4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:45:40.366617+00:00	Debian Oval Importer	Fixing	VCID-ntj2-zryg-tubp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:42:32.412848+00:00	Debian Oval Importer	Affected by	VCID-j1qj-kj7k-v7fx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:41:17.307723+00:00	Debian Oval Importer	Affected by	VCID-hery-ps62-9kf5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:40:49.410661+00:00	Debian Oval Importer	Affected by	VCID-rn5t-3pup-kbbv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:07:44.837352+00:00	Debian Oval Importer	Affected by	VCID-r7t1-a958-d7dg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:02:02.067927+00:00	Debian Oval Importer	Affected by	VCID-mbcb-cn8g-zfgw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T19:56:03.588388+00:00	Debian Oval Importer	Affected by	VCID-hpb7-1n1t-n3em	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:44:26.446519+00:00	Debian Oval Importer	Affected by	VCID-pww8-5fsd-1kcz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:30:49.362622+00:00	Debian Oval Importer	Affected by	VCID-4fbk-5fwk-efbd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:22:56.758097+00:00	Debian Oval Importer	Fixing	VCID-z4zn-dpfs-j7cq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:05:04.953194+00:00	Debian Oval Importer	Affected by	VCID-wm39-aehq-cyfb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:17:14.799212+00:00	Debian Oval Importer	Fixing	VCID-fgjt-z1kd-nbct	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T23:25:33.380008+00:00	Debian Oval Importer	Affected by	VCID-mbcb-cn8g-zfgw	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0
2026-04-07T23:13:03.296202+00:00	Debian Oval Importer	Affected by	VCID-r7t1-a958-d7dg	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0
2026-04-07T23:02:56.492207+00:00	Debian Oval Importer	Affected by	VCID-hery-ps62-9kf5	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0
2026-04-07T22:35:01.615387+00:00	Debian Oval Importer	Affected by	VCID-4fbk-5fwk-efbd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:32:41.081330+00:00	Debian Oval Importer	Affected by	VCID-tnwn-h2wc-q7c4	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:16:27.166410+00:00	Debian Oval Importer	Affected by	VCID-tnwn-h2wc-q7c4	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0