CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-21365
https://notcve.org/view.php?id=CVE-2020-21365
Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. Una vulnerabilidad de salto de directorio en wkhtmltopdf versiones hasta 0.12.5, permite a atacantes remotos leer archivos locales y divulgar información confidencial por medio de un archivo html diseñado que es ejecutado con las configuraciones predeterminadas. • https://github.com/wkhtmltopdf/wkhtmltopdf/issues/4536 https://lists.debian.org/debian-lts-announce/2022/10/msg00027.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20369
https://notcve.org/view.php?id=CVE-2022-20369
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel En la función v4l2_m2m_querybuf del archivo v4l2-mem2mem.c, se presenta una posible escritura fuera de límites debido a una comprobación de entrada inapropiada. Esto podría conllevar a una escalada local de privilegios con los privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. • https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://source.android.com/security/bulletin/pixel/2022-08-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-28129 – Insufficient Validation of HTTP/1.x Headers
https://notcve.org/view.php?id=CVE-2022-28129
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis del encabezado HTTP/1.1 de Apache Traffic Server permite a un atacante enviar encabezados no válidos. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37150 – Protocol vs scheme mismatch
https://notcve.org/view.php?id=CVE-2021-37150
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis de encabezados de Apache Traffic Server permite a un atacante solicitar recursos seguros. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31780 – HTTP/2 framing vulnerabilities
https://notcve.org/view.php?id=CVE-2022-31780
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el manejo de tramas HTTP/2 de Apache Traffic Server permite a un atacante contrabandear peticiones. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •