Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30346 | 2 Varnish-software, Varnish Cache Project | 2 Varnish Enterprise, Varnish Cache | 2025-03-24 | N/A | 5.4 MEDIUM |
| Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests. | |||||
| CVE-2025-30347 | 1 Varnish-software | 1 Varnish Enterprise | 2025-03-24 | N/A | 4.0 MEDIUM |
| Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects. | |||||
| CVE-2023-41104 | 1 Varnish-software | 2 Varnish Enterprise, Vmod Digest | 2024-11-21 | N/A | 6.5 MEDIUM |
| libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. | |||||