CVE-2026-6732

all versions

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD)

6.5MEDIUM

CVE-2025-6170

all versions

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an over

2.5LOW

CVE-2025-6021

all versions

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-base

7.5HIGH

CVE-2023-44487

all versions

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q

7.5HIGH

CVE-2021-40438

all versions

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue a

9.0CRITICAL

CVE-2021-3541

all versions

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and lea

6.5MEDIUM

CVE-2021-3516

all versions

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by

7.8HIGH

CVE-2020-25710

all versions

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by Ope

7.5HIGH

CVE-2021-3517

all versions

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a

8.6HIGH

CVE-2021-3518

all versions

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an applic

8.8HIGH

CVE-2020-25709

all versions

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd s

7.5HIGH

CVE-2021-3537

all versions

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content,

5.9MEDIUM

CVE-2019-9518

all versions

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker se

7.5HIGH

CVE-2019-9517

all versions

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. Th

7.5HIGH

CVE-2019-9516

all versions

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stre

6.5MEDIUM

CVE-2019-9515

all versions

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a s

7.5HIGH

CVE-2019-9514

all versions

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a numb

7.5HIGH

CVE-2019-9513

all versions

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates mul

7.5HIGH

CVE-2019-9511

all versions

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading

7.5HIGH

CVE-2019-0197

all versions

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enable

4.2MEDIUM

CVE-2019-0211

all versions

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child pr

7.8HIGH

CVE-2018-17189

all versions

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream f

5.3MEDIUM

CVE-2018-11759

all versions

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache

7.5HIGH

CVE-2016-9598

all versions

libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds re

6.5MEDIUM

CVE-2016-9596

all versions

libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of

6.5MEDIUM

CVE-2018-1333

all versions

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion a

7.5HIGH

CVE-2018-1312

all versions

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks

9.8CRITICAL

CVE-2017-12613

all versions

When apr_time_exp() or apr_os_exp_time() functions are invoked with an invalid month field value in Apache Portable Runtime APR

7.1HIGH

CVE-2016-8743

all versions

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in r

7.5HIGH

CVE-2017-9788

all versions

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was

9.1CRITICAL

CVE-2017-3167

all versions

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of t

9.8CRITICAL

CVE-2016-5387

all versions

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presenc

8.1HIGH

CVE-2016-3627

all versions

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent att

7.5HIGH