CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-2819 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-2819
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. Un Desbordamiento de búfer en la Región Heap de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0211. • https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO https://security.gentoo.org/glsa/202305-16 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-38150
https://notcve.org/view.php?id=CVE-2022-38150
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1. En Varnish Cache versiones 7.0.0, 7.0.1, 7.0.2 y 7.1.0, es posible causar que el servidor Varnish sea afirmado y reiniciado automáticamente mediante respuestas backend HTTP/1 falsificadas. Un ataque usa una frase de razón diseñada de la línea de estado de la respuesta del backend. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW3X4PEKC5C736SCKE2UG3Y7JWKMD2K6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2BUKFICLZBXESLQ3MXMIG3G52RZURFK https://varnish-cache.org/security/VSV00009.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31779 – Improper HTTP/2 scheme and method validation
https://notcve.org/view.php?id=CVE-2022-31779
Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis de encabezados de HTTP/2 de Apache Traffic Server permite a un atacante contrabandear peticiones. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-25763 – Improper input validation on HTTP/2 headers
https://notcve.org/view.php?id=CVE-2022-25763
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en la comprobación de peticiones HTTP/2 de Apache Traffic Server permite a un atacante crear ataques de contrabando o envenenamiento de caché. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-28129 – Insufficient Validation of HTTP/1.x Headers
https://notcve.org/view.php?id=CVE-2022-28129
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis del encabezado HTTP/1.1 de Apache Traffic Server permite a un atacante enviar encabezados no válidos. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •