| purl | pkg:deb/debian/trafficserver@8.0.2%2Bds-1%2Bdeb10u6 |
| Next non-vulnerable version | 9.2.5+ds-0+deb12u3 |
| Latest non-vulnerable version | 9.2.5+ds-0+deb12u3 |
| Risk | 10.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-41x7-hv4u-byb9 Aliases: CVE-2022-32749 | security update | Affected by 14 other vulnerabilities. |
| VCID-4men-293s-3bhn Aliases: CVE-2023-33934 | security update | Affected by 14 other vulnerabilities. |
| VCID-4wwn-74ac-p7dp Aliases: CVE-2021-37150 | security update | Affected by 14 other vulnerabilities. |
| VCID-568b-s8ks-vfa6 Aliases: CVE-2019-17565 | security update | Affected by 14 other vulnerabilities. |
| VCID-5781-s1ny-q7ey Aliases: CVE-2023-44487 GHSA-2m7v-gc89-fjqf GHSA-qppj-fm5r-hxr3 GHSA-vx74-f528-fxqg GHSA-xpw8-rcwv-8f8p GMS-2023-3377 VSV00013 | | Affected by 14 other vulnerabilities. |
| VCID-6bwv-cd3d-mudb Aliases: CVE-2019-17559 | security update | Affected by 14 other vulnerabilities. |
| VCID-73aa-rk27-tye1 Aliases: CVE-2022-37392 | security update | Affected by 14 other vulnerabilities. |
| VCID-7nhc-5p2x-t3cj Aliases: CVE-2022-25763 | security update | Affected by 14 other vulnerabilities. |
| VCID-931v-ukcc-6qaa Aliases: CVE-2021-44040 | security update | Affected by 14 other vulnerabilities. |
| VCID-aqt5-2ffy-9bgs Aliases: CVE-2019-9515 | HTTP/2: flood using SETTINGS frames results in unbounded memory growth | Affected by 14 other vulnerabilities. |
| VCID-b7zx-ywwc-57d9 Aliases: CVE-2022-31778 | security update | Affected by 14 other vulnerabilities. |
| VCID-bb5y-kjej-bbfm Aliases: CVE-2022-28129 | security update | Affected by 14 other vulnerabilities. |
| VCID-bdgg-edbf-xfav Aliases: CVE-2022-47184 | security update | Affected by 14 other vulnerabilities. |
| VCID-btm9-vxvc-3qhv Aliases: CVE-2019-10079 | security update | Affected by 14 other vulnerabilities. |
| VCID-c5hc-3jtx-k3a6 Aliases: CVE-2019-9518 | HTTP/2: flood using empty frames results in excessive resource consumption | Affected by 14 other vulnerabilities. |
| VCID-c675-5njd-63hk Aliases: CVE-2021-27577 | security update | Affected by 14 other vulnerabilities. |
| VCID-cbe5-hhz8-bqbn Aliases: CVE-2021-44759 | security update | Affected by 14 other vulnerabilities. |
| VCID-cscf-sb71-jybq Aliases: CVE-2021-32566 | security update | Affected by 14 other vulnerabilities. |
| VCID-esap-nkps-cfg9 Aliases: CVE-2024-35296 | Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | Affected by 0 other vulnerabilities. |
| VCID-fmwc-nmhh-ryaf Aliases: CVE-2020-9481 | security update | Affected by 14 other vulnerabilities. |
| VCID-fq5y-b9yq-nbee Aliases: CVE-2021-37148 | security update | Affected by 14 other vulnerabilities. |
| VCID-hbte-dsw2-y7ad Aliases: CVE-2019-9512 GHSA-hgr8-6h9x-f7q9 | golang.org/x/net/http vulnerable to ping floods. Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Specific Go Packages Affected: golang.org/x/net/http2 | Affected by 14 other vulnerabilities. |
| VCID-j6r7-ypa1-zybv Aliases: CVE-2020-17509 | security update | Affected by 14 other vulnerabilities. |
| VCID-jabw-thzt-63bb Aliases: CVE-2024-50306 | Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue. | Affected by 0 other vulnerabilities. |
| VCID-jb1b-9gr2-suez Aliases: CVE-2024-35161 | Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | Affected by 0 other vulnerabilities. |
| VCID-jdjf-3w9k-xbaw Aliases: CVE-2023-41752 | security update | Affected by 14 other vulnerabilities. |
| VCID-k2ks-3t6e-uqgu Aliases: CVE-2020-1944 | security update | Affected by 14 other vulnerabilities. |
| VCID-n66u-b73u-zucb Aliases: CVE-2019-9514 GHSA-39qc-96h7-956f | golang.org/x/net/http vulnerable to a reset flood. Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Specific Go Packages Affected: golang.org/x/net/http2 | Affected by 14 other vulnerabilities. |
| VCID-p5f7-uu6r-8bez Aliases: CVE-2022-31780 | security update | Affected by 14 other vulnerabilities. |
| VCID-pxaf-6qxa-77h9 Aliases: CVE-2020-17508 | security update | Affected by 14 other vulnerabilities. |
| VCID-rcdg-j23x-xfbn Aliases: CVE-2024-38479 | Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. | Affected by 0 other vulnerabilities. |
| VCID-rw58-bnwt-2bam Aliases: CVE-2023-38522 | Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | Affected by 0 other vulnerabilities. |
| VCID-skrs-cynm-r7du Aliases: CVE-2023-33933 | security update | Affected by 14 other vulnerabilities. |
| VCID-t559-a5u6-4ke1 Aliases: CVE-2021-37147 | security update | Affected by 14 other vulnerabilities. |
| VCID-u5qg-vszr-9ye2 Aliases: CVE-2022-47185 | security update | Affected by 14 other vulnerabilities. |
| VCID-uhqf-tsxe-ayc2 Aliases: CVE-2021-37149 | security update | Affected by 14 other vulnerabilities. |
| VCID-uhxq-9bzs-u3fd Aliases: CVE-2021-35474 | security update | Affected by 14 other vulnerabilities. |
| VCID-uy1m-av2n-jybt Aliases: CVE-2023-30631 | security update | Affected by 14 other vulnerabilities. |
| VCID-w42s-4aps-y3c5 Aliases: CVE-2021-38161 | security update | Affected by 14 other vulnerabilities. |
| VCID-waer-as81-8fed Aliases: CVE-2024-31309 | trafficserver: CONTINUATION frames DoS | Affected by 14 other vulnerabilities. |
| VCID-xh97-4sn5-vyfw Aliases: CVE-2021-32567 | security update | Affected by 14 other vulnerabilities. |
| VCID-xwdc-hndy-yubc Aliases: CVE-2020-9494 | security update | Affected by 14 other vulnerabilities. |
| VCID-xwru-y5m9-gucd Aliases: CVE-2022-31779 | security update | Affected by 14 other vulnerabilities. |
| VCID-zmh1-wmct-uyf7 Aliases: CVE-2021-32565 | security update | Affected by 14 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-568b-s8ks-vfa6 | security update | CVE-2019-17565 |
| VCID-6bwv-cd3d-mudb | security update | CVE-2019-17559 |
| VCID-931v-ukcc-6qaa | security update | CVE-2021-44040 |
| VCID-aqt5-2ffy-9bgs | HTTP/2: flood using SETTINGS frames results in unbounded memory growth | CVE-2019-9515 |
| VCID-au6q-ek7r-8bgr | sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1. | CVE-2018-11783 |
| VCID-btm9-vxvc-3qhv | security update | CVE-2019-10079 |
| VCID-c5hc-3jtx-k3a6 | HTTP/2: flood using empty frames results in excessive resource consumption | CVE-2019-9518 |
| VCID-c675-5njd-63hk | security update | CVE-2021-27577 |
| VCID-cbe5-hhz8-bqbn | security update | CVE-2021-44759 |
| VCID-cscf-sb71-jybq | security update | CVE-2021-32566 |
| VCID-fmwc-nmhh-ryaf | security update | CVE-2020-9481 |
| VCID-fq5y-b9yq-nbee | security update | CVE-2021-37148 |
| VCID-hbte-dsw2-y7ad | golang.org/x/net/http vulnerable to ping floods. Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Specific Go Packages Affected: golang.org/x/net/http2 | CVE-2019-9512 GHSA-hgr8-6h9x-f7q9 |
| VCID-j6r7-ypa1-zybv | security update | CVE-2020-17509 |
| VCID-k2ks-3t6e-uqgu | security update | CVE-2020-1944 |
| VCID-msu4-5h99-2yaq | security update | CVE-2017-5660 |
| VCID-n66u-b73u-zucb | golang.org/x/net/http vulnerable to a reset flood. Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Specific Go Packages Affected: golang.org/x/net/http2 | CVE-2019-9514 GHSA-39qc-96h7-956f |
| VCID-nbwy-fdv2-uydt | security update | CVE-2017-7671 |
| VCID-pxaf-6qxa-77h9 | security update | CVE-2020-17508 |
| VCID-qwmj-ez4q-7qex | security update | CVE-2018-1318 |
| VCID-r86j-zujn-f7ez | security update | CVE-2018-8005 |
| VCID-t559-a5u6-4ke1 | security update | CVE-2021-37147 |
| VCID-ue7s-pn8b-vydz | security update | CVE-2018-8004 |
| VCID-uhqf-tsxe-ayc2 | security update | CVE-2021-37149 |
| VCID-uhxq-9bzs-u3fd | security update | CVE-2021-35474 |
| VCID-va7d-ktp2-m7et | security update | CVE-2018-8040 |
| VCID-w42s-4aps-y3c5 | security update | CVE-2021-38161 |
| VCID-xh97-4sn5-vyfw | security update | CVE-2021-32567 |
| VCID-xwdc-hndy-yubc | security update | CVE-2020-9494 |
| VCID-zmh1-wmct-uyf7 | security update | CVE-2021-32565 |