Fedoraproject: Security Vulnerabilities
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2022-08-10
An attacker who submits a crafted tar file with the size in the header struct set to 0 may be able to trigger a call to malloc(0) for the variable gnu_longlink, causing an out-of-bounds read.
CVSS Score: 9.1 | EPSS Score: 0.002 | Published: 2022-08-10
An attacker who submits a crafted tar file with the size in the header struct set to 0 may be able to trigger a call to malloc(0) for the variable gnu_longname, causing an out-of-bounds read.
CVSS Score: 8.1 | EPSS Score: 0.002 | Published: 2022-08-10
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-08-10
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-08-10
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-08-10
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to carry out smuggling or cache poisoning attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2022-08-10
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-08-10
Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-08-10
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-08-10

