CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2022-23959 – varnish: HTTP/1 request smuggling vulnerability
https://notcve.org/view.php?id=CVE-2022-23959
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. En Varnish Cache versiones anteriores a 6.6.2 y 7.x versiones anteriores a 7.0.2, Varnish Cache 6.0 LTS versiones anteriores a 6.0.10, y Varnish Enterprise (Cache Plus) 4.1.x versiones anteriores a 4.1.11r6 y 6.0.x versiones anteriores a 6.0.9r4, puede producirse contrabando de peticiones para conexiones HTTP/1 A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language (VCL) processing since the Varnish server treats it as an additional request. • https://docs.varnish-software.com/security/VSV00008 https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT https://varnish-cache.org/security/VSV00008.html https://www.debian.org/security/2022/dsa-5088 https://access.redhat.com/security/cve/CVE-2022-23959 https://bugzilla.redhat.com/show_bug.cgi?id=2045031 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-22570 – Nullptr Dereference in Protobuf
https://notcve.org/view.php?id=CVE-2021-22570
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. Una desreferencia de puntero Null cuando un char nulo está presente en un símbolo proto. • https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0 https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY https://lists.fedoraproject.org/archi • CWE-476: NULL Pointer Dereference •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 1CVE-2022-0361 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0361
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un desbordamiento de búfer basado en Heap en el repositorio de GitHub vim/vim anterior a 8.2 A flaw was found in vim. The vulnerability occurs due to illegal memory access when copying lines in visual mode and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://security.gentoo.org/glsa/202208-32 https://support.apple.com/kb/HT213444&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-0368 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2022-0368
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Una Lectura fuera de límites en el repositorio de GitHub vim/vim anterior a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9 https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://security.gentoo.org/glsa/202208-32 https://support.apple.com/kb/HT213444&# • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-0359 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0359
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un desbordamiento de búfer basado en Heap en el repositorio de GitHub vim/vim anterior a 8.2 A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large 'tabstop' in Ex mode, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://security.gentoo.org/glsa/202208-32 https://support.apple.com/kb/HT213444&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •