Vulnerabilities in varnish-software
7 results

CVE-2026-40396 | MEDIUM | Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could s | EPSS 0.3%
CVE-2025-30347 | MEDIUM | Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on | EPSS 0.3%
CVE-2025-47905 | MEDIUM | Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, beca | EPSS 0.3%
CVE-2025-30346 | MEDIUM | Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests. | EPSS 0.3%
CVE-2026-40395 | MEDIUM | Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0 | EPSS 0.2%
CVE-2026-40394 | MEDIUM | Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for cert | EPSS 0.2%
CVE-2026-34475 | MEDIUM | Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / | EPSS 0.2%