| purl | pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3?distro=trixie |
| Next non-vulnerable version | 6.5.1-1+deb11u4 |
| Latest non-vulnerable version | 7.7.3-2 |
| Risk | 10.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-5781-s1ny-q7ey Aliases: CVE-2023-44487 GHSA-2m7v-gc89-fjqf GHSA-qppj-fm5r-hxr3 GHSA-vx74-f528-fxqg GHSA-xpw8-rcwv-8f8p GMS-2023-3377 VSV00013 | | Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| VCID-cmeu-b3fh-hkaf Aliases: CVE-2025-8671 VSV00017 | upstream: | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-djsh-vmzh-sbe7 Aliases: CVE-2024-30156 VSV00014 | varnish: HTTP/2 Broken Window Attack may result in denial of service | Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-15q9-f712-bfgs | varnish: denial of service via colon-starting reason phrase | CVE-2022-38150 |
| VCID-1hgg-j6bp-4qcz | Varnish: Varnish Enterprise: Denial of Service via workspace overflow | CVE-2026-40395 |
| VCID-1wyt-mkrq-q3ek | varnish: Request Smuggling Vulnerability | CVE-2022-45059 VSV00010 |
| VCID-4fbk-5fwk-efbd | security update | CVE-2017-8807 |
| VCID-fgjt-z1kd-nbct | Improper input validation in Varnish allows remote attackers to conduct HTTP smuggling attacks, and possibly trigger a buffer overflow. | CVE-2015-8852 |
| VCID-gt8m-rdmz-zkbd | varnish: Varnish Cache: Denial of Service via workspace overflow during HTTP/1 pipelining | CVE-2026-40396 |
| VCID-hery-ps62-9kf5 | varnish: denial of service handling certain crafted HTTP/1 requests | CVE-2019-15892 |
| VCID-hpb7-1n1t-n3em | varnish: Request Forgery Vulnerability | CVE-2022-45060 VSV00011 |
| VCID-j1qj-kj7k-v7fx | varnish: request smuggling attacks | CVE-2025-47905 VSV00016 |
| VCID-mbcb-cn8g-zfgw | varnish: HTTP/1 request smuggling vulnerability | CVE-2022-23959 |
| VCID-nrzf-yt7d-x7dh | The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless." | CVE-2009-2936 |
| VCID-ntj2-zryg-tubp | Varnish HTTP cache before 3.0.4: ACL bug | CVE-2013-4090 |
| VCID-pww8-5fsd-1kcz | varnish: Client-Side Desynchronization in Varnish Cache | CVE-2025-30346 VSV00015 |
| VCID-r7t1-a958-d7dg | varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request | CVE-2021-36740 |
| VCID-rn5t-3pup-kbbv | varnish: not clearing pointer between two client requests leads to information disclosure | CVE-2019-20637 |
| VCID-tn51-4but-w3dk | Multiple vulnerabilities have been found in Varnish, the worst of which could allow a remote attacker to create a Denial of Service condition. | CVE-2013-0345 |
| VCID-tnwn-h2wc-q7c4 | security update | CVE-2017-12425 |
| VCID-wm39-aehq-cyfb | varnish: remote clients may cause Varnish to assert and restart which could result in DoS | CVE-2020-11653 |
| VCID-z4zn-dpfs-j7cq | Multiple vulnerabilities have been found in Varnish, the worst of which could allow a remote attacker to create a Denial of Service condition. | CVE-2013-4484 |