NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2024-38477

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-23218 

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2021-37322 

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.

NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2023-31484 

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2024-38474 

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.

NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-23219 

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-44840 

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-48560 

A use-after-free exists in Python through 3.9 via heappushpop in heapq.

NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2023-43804 

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.

NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2024-38475

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected.  Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.