| purl | pkg:deb/debian/varnish@7.7.3-2?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-15q9-f712-bfgs | varnish: denial of service via colon-starting reason phrase | CVE-2022-38150 |
| VCID-1hgg-j6bp-4qcz | Varnish: Varnish Enterprise: Denial of Service via workspace overflow | CVE-2026-40395 |
| VCID-1wyt-mkrq-q3ek | varnish: Request Smuggling Vulnerability | CVE-2022-45059 VSV00010 |
| VCID-4fbk-5fwk-efbd | security update | CVE-2017-8807 |
| VCID-5781-s1ny-q7ey | | CVE-2023-44487 GHSA-2m7v-gc89-fjqf GHSA-qppj-fm5r-hxr3 GHSA-vx74-f528-fxqg GHSA-xpw8-rcwv-8f8p GMS-2023-3377 VSV00013 |
| VCID-cmeu-b3fh-hkaf | upstream: | CVE-2025-8671 VSV00017 |
| VCID-djsh-vmzh-sbe7 | varnish: HTTP/2 Broken Window Attack may result in denial of service | CVE-2024-30156 VSV00014 |
| VCID-fgjt-z1kd-nbct | Improper input validation in Varnish allows remote attackers to conduct HTTP smuggling attacks, and possibly trigger a buffer overflow. | CVE-2015-8852 |
| VCID-gt8m-rdmz-zkbd | varnish: Varnish Cache: Denial of Service via workspace overflow during HTTP/1 pipelining | CVE-2026-40396 |
| VCID-hery-ps62-9kf5 | varnish: denial of service handling certain crafted HTTP/1 requests | CVE-2019-15892 |
| VCID-hpb7-1n1t-n3em | varnish: Request Forgery Vulnerability | CVE-2022-45060 VSV00011 |
| VCID-j1qj-kj7k-v7fx | varnish: request smuggling attacks | CVE-2025-47905 VSV00016 |
| VCID-mbcb-cn8g-zfgw | varnish: HTTP/1 request smuggling vulnerability | CVE-2022-23959 |
| VCID-nrzf-yt7d-x7dh | The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless. | CVE-2009-2936 |
| VCID-ntj2-zryg-tubp | Varnish HTTP cache before 3.0.4: ACL bug | CVE-2013-4090 |
| VCID-pww8-5fsd-1kcz | varnish: Client-Side Desynchronization in Varnish Cache | CVE-2025-30346 VSV00015 |
| VCID-r7t1-a958-d7dg | varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request | CVE-2021-36740 |
| VCID-rn5t-3pup-kbbv | varnish: not clearing pointer between two client requests leads to information disclosure | CVE-2019-20637 |
| VCID-tn51-4but-w3dk | Multiple vulnerabilities have been found in Varnish, the worst of which could allow a remote attacker to create a Denial of Service condition. | CVE-2013-0345 |
| VCID-tnwn-h2wc-q7c4 | security update | CVE-2017-12425 |
| VCID-wm39-aehq-cyfb | varnish: remote clients may cause Varnish to assert and restart which could result in DoS | CVE-2020-11653 |
| VCID-z4zn-dpfs-j7cq | Multiple vulnerabilities have been found in Varnish, the worst of which could allow a remote attacker to create a Denial of Service condition. | CVE-2013-4484 |