CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-25763 – Improper input validation on HTTP/2 headers
https://notcve.org/view.php?id=CVE-2022-25763
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en la comprobación de peticiones HTTP/2 de Apache Traffic Server permite a un atacante crear ataques de contrabando o envenenamiento de caché. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-28129 – Insufficient Validation of HTTP/1.x Headers
https://notcve.org/view.php?id=CVE-2022-28129
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis del encabezado HTTP/1.1 de Apache Traffic Server permite a un atacante enviar encabezados no válidos. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37150 – Protocol vs scheme mismatch
https://notcve.org/view.php?id=CVE-2021-37150
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis de encabezados de Apache Traffic Server permite a un atacante solicitar recursos seguros. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31780 – HTTP/2 framing vulnerabilities
https://notcve.org/view.php?id=CVE-2022-31780
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el manejo de tramas HTTP/2 de Apache Traffic Server permite a un atacante contrabandear peticiones. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2719
https://notcve.org/view.php?id=CVE-2022-2719
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. En ImageMagick, un archivo diseñado podría desencadenar un fallo de aserción cuando es realizada una llamada a la función WriteImages en el archivo MagickWand/operation.c, debido a una lista de imágenes NULL. Esto podría causar una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2116537 • CWE-617: Reachable Assertion •