Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cache vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-45059
An issue exists in Varnish Cache 7.x prior to 7.1.2 and 7.2.x prior to 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the ...
Varnish Cache Project Varnish Cache 7.2.0
Varnish Cache Project Varnish Cache
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
3 Github repositories
7.8
CVSSv2
CVE-2019-15892
An issue exists in Varnish Cache prior to 6.0.4 LTS, and 6.1.x and 6.2.x prior to 6.2.1. An HTTP/1 parsing failure allows a remote malicious user to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it...
Varnish Cache Project Varnish Cache
Varnish-software Varnish Cache
Debian Debian Linux 10.0
5.5
CVSSv2
CVE-2018-17152
Intersystems Cache 2017.2.2.865.0 allows XXE.
Intersystems Cache 2017.2.2.865.0
Intersystems Cache 2018.1.2
2.1
CVSSv2
CVE-2017-8933
Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability).
Libmenu-cache Project Libmenu-cache 1.0.2
2.1
CVSSv2
CVE-2013-0345
varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information.
Varnish Cache Project Varnish Cache 3.0.3
4.3
CVSSv2
CVE-2018-17150
Intersystems Cache 2017.2.2.865.0 allows XSS.
Intersystems Cache 2017.2.2.865.0
Intersystems Cache 2018.1.2
5.5
CVSSv2
CVE-2018-17151
Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control.
Intersystems Cache 2018.1.2
Intersystems Cache 2017.2.2.865.0
6.4
CVSSv2
CVE-2022-23959
In Varnish Cache prior to 6.6.2 and 7.x prior to 7.0.2, Varnish Cache 6.0 LTS prior to 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x prior to 4.1.11r6 and 6.0.x prior to 6.0.9r4, request smuggling can occur for HTTP/1 connections.
Varnish-software Varnich Cache 4.1
Varnish-software Varnich Cache
Varnish Cache Project Varnish Cache
Varnish-software Varnish Cache
Varnish-software Varnish Cache Plus
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5
CVSSv2
CVE-2019-20637
An issue exists in Varnish Cache prior to 6.0.5 LTS, 6.1.x and 6.2.x prior to 6.2.2, and 6.3.x prior to 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed...
Varnish-cache Varnish Cache
Varnish-software Varnish Cache
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
NA
CVE-2022-25881
This affects versions of the package http-cache-semantics prior to 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Http-cache-semantics Project Http-cache-semantics
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »