A crafted request uri-path can cause mod_proxy to forward the request to an origin server choos…

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an a…

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to gen…

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 lib…

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause…

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an ori…

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_se…

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message…

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apach…

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not…

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already fre…

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module…

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack …

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying…

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OF…

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output leng…

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which conta…

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer …

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information di…

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of recei…

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to ca…

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encount…

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with…

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, t…

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present…

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a r…

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation wit…

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack over…

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a…

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. …

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-…

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash …

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

The X.509 GeneralName type is a generic type for representing different types of names. One of …

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of…

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsin…

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak relat…