Total
5330 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33193 | 5 Apache, Debian, Fedoraproject and 2 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | |||||
| CVE-2021-36160 | 6 Apache, Broadcom, Debian and 3 more | 13 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 10 more | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). | |||||
| CVE-2021-39275 | 6 Apache, Debian, Fedoraproject and 3 more | 11 Http Server, Debian Linux, Fedora and 8 more | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
| CVE-2021-44790 | 7 Apache, Apple, Debian and 4 more | 14 Http Server, Mac Os X, Macos and 11 more | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | |||||
| CVE-2022-23943 | 4 Apache, Debian, Fedoraproject and 1 more | 5 Http Server, Debian Linux, Fedora and 2 more | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. | |||||
| CVE-2022-26377 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions. | |||||
| CVE-2022-28615 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2025-05-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. | |||||
| CVE-2022-30556 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | |||||
| CVE-2022-31813 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. | |||||
| CVE-2022-45062 | 3 Debian, Fedoraproject, Xfce | 3 Debian Linux, Fedora, Xfce4-settings | 2025-05-01 | N/A | 9.8 CRITICAL |
| In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. | |||||
| CVE-2022-45060 | 4 Debian, Fedoraproject, Varnish-software and 1 more | 5 Debian Linux, Fedora, Varnish Cache and 2 more | 2025-05-01 | N/A | 7.5 HIGH |
| An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | |||||
| CVE-2022-45059 | 2 Fedoraproject, Varnish Cache Project | 2 Fedora, Varnish Cache | 2025-05-01 | N/A | 7.5 HIGH |
| An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. | |||||
| CVE-2022-37290 | 2 Fedoraproject, Gnome | 2 Fedora, Nautilus | 2025-05-01 | N/A | 5.5 MEDIUM |
| GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. | |||||
| CVE-2023-5218 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-30 | N/A | 8.8 HIGH |
| Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2023-5482 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-30 | N/A | 8.8 HIGH |
| Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-5856 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
| Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-5855 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
| Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | |||||
| CVE-2023-5854 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
| Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | |||||
| CVE-2023-5852 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
| Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | |||||
| CVE-2023-5849 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
| Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||