pkg:Debian/varnish

All known vulnerabilities

• MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
  from 0
• CRITICAL9.8CVE-2026-34475Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of /…
  from 0
• CRITICAL9.8CVE-2009-4488Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window'…
  from 0
• CRITICAL9.1CVE-2022-23959varnish - security update
  from 0, < 5.0.0-7+deb9u3
• CRITICAL9.1CVE-2022-23959varnish - security update
  from 0, < 6.5.1-1+deb11u2
• CRITICAL9.1CVE-2017-8807varnish - security update
  from 0, < 5.0.0-7+deb9u2
• CRITICAL9.1CVE-2017-8807varnish - security update
  from 0, < 5.2.1-1
• HIGH7.5CVE-2026-40394Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for cer…
  from 0
• HIGH7.5CVE-2025-8671Pingora MadeYouReset HTTP/2 vulnerability
  from 0
• HIGH7.5CVE-2024-30156Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaust…
  from 0
• HIGH7.5CVE-2022-45060varnish - security update
  from 0, < 6.5.1-1+deb11u3
• HIGH7.5CVE-2022-45060varnish - security update
  from 0, < 6.5.1-1+deb11u3
• HIGH7.5CVE-2022-45059An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1.
  from 0, < 7.1.1-1.1
• HIGH7.5CVE-2022-38150In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through for…
  from 0, < 7.1.1-1
• HIGH7.5CVE-2020-11653varnish - security update
  from 0, < 6.4.0-1
• HIGH7.5CVE-2020-11653varnish - security update
  from 0, < 6.1.1-1+deb10u4
• HIGH7.5CVE-2019-20637An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1.
  from 0, < 6.4.0-1
• HIGH7.5CVE-2013-4090Varnish HTTP cache before 3.0.4: ACL bug
  from 0, < 3.0.4-1
• HIGH7.5CVE-2019-15892varnish - security update
  from 0, < 6.2.1-1
• HIGH7.5CVE-2019-15892varnish - security update
  from 0, < 6.1.1-1+deb10u1
• HIGH7.5CVE-2017-12425varnish - security update
  from 0, < 4.0.2-1+deb8u1
• HIGH7.5CVE-2017-12425varnish - security update
  from 0, < 5.0.0-7.1
• HIGH7.5CVE-2015-8852varnish - security update
  from 0, < 4.0.0-1
• HIGH7.5CVE-2015-8852varnish - security update
  from 0, < 3.0.2-2+deb7u2
• MEDIUM6.5CVE-2021-36740varnish - security update
  from 0, < 6.5.1-1+deb11u2
• MEDIUM6.5CVE-2021-36740varnish - security update
  from 0, < 6.1.1-1+deb10u3
• MEDIUM5.4CVE-2025-47905varnish - security update
  from 0, < 6.5.1-1+deb11u5
• MEDIUM5.4CVE-2025-47905varnish - security update
  from 0, < 6.5.1-1+deb11u5
• MEDIUM4.8CVE-2025-30346varnish - security update
  from 0, < 7.1.1-2+deb12u1
• MEDIUM4.8CVE-2025-30346varnish - security update
  from 0, < 6.5.1-1+deb11u4
• MEDIUM4.8CVE-2025-30346varnish - security update
  from 0, < 6.5.1-1+deb11u4
• —CVE-2013-4484varnish - denial of service
  from 0, < 2.1.3-8+deb6u1
• —CVE-2013-4484varnish - denial of service
  from 0, < 3.0.5-1
• —CVE-2009-2936The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before…
  from 0, < 2.1.0-2