Total
9133 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33193 | 5 Apache, Debian, Fedoraproject and 2 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | |||||
| CVE-2021-36160 | 6 Apache, Broadcom, Debian and 3 more | 13 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 10 more | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). | |||||
| CVE-2021-39275 | 6 Apache, Debian, Fedoraproject and 3 more | 11 Http Server, Debian Linux, Fedora and 8 more | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
| CVE-2021-44790 | 7 Apache, Apple, Debian and 4 more | 14 Http Server, Mac Os X, Macos and 11 more | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | |||||
| CVE-2022-23943 | 4 Apache, Debian, Fedoraproject and 1 more | 5 Http Server, Debian Linux, Fedora and 2 more | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. | |||||
| CVE-2023-27522 | 3 Apache, Debian, Unbit | 3 Http Server, Debian Linux, Uwsgi | 2025-05-01 | N/A | 7.5 HIGH |
| HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. | |||||
| CVE-2008-0888 | 4 Apple, Canonical, Debian and 1 more | 4 Mac Os X, Ubuntu Linux, Debian Linux and 1 more | 2025-05-01 | 9.3 HIGH | N/A |
| The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data. | |||||
| CVE-2022-45062 | 3 Debian, Fedoraproject, Xfce | 3 Debian Linux, Fedora, Xfce4-settings | 2025-05-01 | N/A | 9.8 CRITICAL |
| In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. | |||||
| CVE-2022-45060 | 4 Debian, Fedoraproject, Varnish-software and 1 more | 5 Debian Linux, Fedora, Varnish Cache and 2 more | 2025-05-01 | N/A | 7.5 HIGH |
| An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | |||||
| CVE-2024-30203 | 2 Debian, Gnu | 3 Debian Linux, Emacs, Org Mode | 2025-05-01 | N/A | 5.5 MEDIUM |
| In Emacs before 29.3, Gnus treats inline MIME contents as trusted. | |||||
| CVE-2024-30204 | 2 Debian, Gnu | 3 Debian Linux, Emacs, Org Mode | 2025-05-01 | N/A | 2.8 LOW |
| In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. | |||||
| CVE-2024-30205 | 2 Debian, Gnu | 3 Debian Linux, Emacs, Org Mode | 2025-05-01 | N/A | 7.1 HIGH |
| In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. | |||||
| CVE-2023-5218 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-30 | N/A | 8.8 HIGH |
| Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2023-5482 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-30 | N/A | 8.8 HIGH |
| Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-26870 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-30 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 A call to listxattr() with a buffer size = 0 returns the actual size of the buffer needed for a subsequent call. When size > 0, nfs4_listxattr() does not return an error because either generic_listxattr() or nfs4_listxattr_nfs4_label() consumes exactly all the bytes then size is 0 when calling nfs4_listxattr_nfs4_user() which then triggers the following kernel BUG: [ 99.403778] kernel BUG at mm/usercopy.c:102! [ 99.404063] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 99.408463] CPU: 0 PID: 3310 Comm: python3 Not tainted 6.6.0-61.fc40.aarch64 #1 [ 99.415827] Call trace: [ 99.415985] usercopy_abort+0x70/0xa0 [ 99.416227] __check_heap_object+0x134/0x158 [ 99.416505] check_heap_object+0x150/0x188 [ 99.416696] __check_object_size.part.0+0x78/0x168 [ 99.416886] __check_object_size+0x28/0x40 [ 99.417078] listxattr+0x8c/0x120 [ 99.417252] path_listxattr+0x78/0xe0 [ 99.417476] __arm64_sys_listxattr+0x28/0x40 [ 99.417723] invoke_syscall+0x78/0x100 [ 99.417929] el0_svc_common.constprop.0+0x48/0xf0 [ 99.418186] do_el0_svc+0x24/0x38 [ 99.418376] el0_svc+0x3c/0x110 [ 99.418554] el0t_64_sync_handler+0x120/0x130 [ 99.418788] el0t_64_sync+0x194/0x198 [ 99.418994] Code: aa0003e3 d000a3e0 91310000 97f49bdb (d4210000) Issue is reproduced when generic_listxattr() returns 'system.nfs4_acl', thus calling lisxattr() with size = 16 will trigger the bug. Add check on nfs4_listxattr() to return ERANGE error when it is called with size > 0 and the return value is greater than size. | |||||
| CVE-2020-27792 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2025-04-30 | N/A | 7.1 HIGH |
| A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. | |||||
| CVE-2023-5856 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
| Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-5855 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
| Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | |||||
| CVE-2023-5854 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
| Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | |||||
| CVE-2023-5852 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
| Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | |||||