High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-09	CVE-2022-30556	Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. network low complexity apache netapp fedoraproject	7.5
2022-03-14	CVE-2022-22719	Improper Initialization vulnerability in multiple products A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. network low complexity apache debian fedoraproject oracle apple CWE-665	7.5
2021-12-20	CVE-2021-44224	NULL Pointer Dereference vulnerability in multiple products A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). network low complexity apache fedoraproject debian tenable oracle apple CWE-476	8.2
2021-10-05	CVE-2021-41524	NULL Pointer Dereference vulnerability in multiple products While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. network low complexity apache fedoraproject oracle netapp CWE-476	7.5
2021-10-05	CVE-2021-41773	Path Traversal vulnerability in multiple products A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. network low complexity apache fedoraproject oracle netapp CWE-22	7.5
2021-09-16	CVE-2021-34798	NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. network low complexity apache fedoraproject debian netapp tenable oracle broadcom siemens CWE-476	7.5
2021-09-16	CVE-2021-36160	Out-of-bounds Read vulnerability in multiple products A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). network low complexity apache fedoraproject debian netapp oracle broadcom CWE-125	7.5
2021-08-16	CVE-2021-33193	A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. network low complexity apache fedoraproject tenable oracle	7.5
2021-06-15	CVE-2021-31618	NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. network low complexity apache fedoraproject debian oracle CWE-476	7.5
2021-06-10	CVE-2020-13950	NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service network low complexity apache debian fedoraproject oracle CWE-476	7.5