CVE-2025-8671
- EPSS 0.08%
- Published 13.08.2025 12:03:37
- Last modified 17.08.2025 15:15:25
A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By op...
CVE-2025-47905
- EPSS 0.06%
- Published 13.05.2025 00:00:00
- Last modified 29.05.2025 09:15:26
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
CVE-2025-30346
- EPSS 0.06%
- Published 21.03.2025 00:00:00
- Last modified 02.04.2025 22:15:20
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
CVE-2025-30347
- EPSS 0.05%
- Published 21.03.2025 00:00:00
- Last modified 24.03.2025 14:19:23
Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.
CVE-2023-41104
- EPSS 0.18%
- Published 23.08.2023 07:15:08
- Last modified 21.11.2024 08:20:35
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depe...