Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-11653 | 4 Debian, Opensuse, Varnish-cache and 1 more | 5 Debian Linux, Backports Sle, Leap and 2 more | 2022-11-29 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. | |||||
CVE-2021-36740 | 5 Debian, Fedoraproject, Varnish-cache and 2 more | 5 Debian Linux, Fedora, Varnish Cache and 2 more | 2022-08-02 | 6.4 MEDIUM | 6.5 MEDIUM |
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8. | |||||
CVE-2019-20637 | 3 Opensuse, Varnish-cache, Varnish-software | 4 Backports Sle, Leap, Varnish Cache and 1 more | 2022-08-02 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. |