Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-07	CVE-2021-42013	It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. network low complexity apache fedoraproject oracle netapp critical	9.8
2021-09-16	CVE-2021-40438	Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. network high complexity apache fedoraproject debian netapp broadcom f5 oracle siemens tenable CWE-918 critical	9.0
2021-09-16	CVE-2021-39275	Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. network low complexity apache fedoraproject debian netapp oracle siemens CWE-787 critical	9.8
2021-06-10	CVE-2021-26691	Out-of-bounds Write vulnerability in multiple products In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow network low complexity apache debian fedoraproject oracle netapp CWE-787 critical	9.8
2020-08-07	CVE-2020-11984	Classic Buffer Overflow vulnerability in multiple products Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE network low complexity apache netapp canonical debian fedoraproject opensuse oracle CWE-120 critical	9.8
2019-09-26	CVE-2019-10082	Use After Free vulnerability in multiple products In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. network low complexity apache oracle CWE-416 critical	9.1
2018-03-26	CVE-2018-1312	Improper Authentication vulnerability in multiple products In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. network low complexity apache canonical debian netapp redhat CWE-287 critical	9.8
2017-07-13	CVE-2017-9788	Improper Input Validation vulnerability in multiple products In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. network low complexity apache debian apple netapp redhat oracle CWE-20 critical	9.1
2017-06-20	CVE-2017-3167	Improper Authentication vulnerability in multiple products In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. network low complexity apache netapp redhat apple debian oracle CWE-287 critical	9.8
2017-06-20	CVE-2017-3169	NULL Pointer Dereference vulnerability in Apache Http Server In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. network low complexity apache CWE-476 critical	9.8