The Apache httpd reports:
- moderate: mod_proxy_wstunnel tunneling of non Upgraded
connections (CVE-2019-17567)
- moderate: Improper Handling of Insufficient Privileges
(CVE-2020-13938)
- low: mod_proxy_http NULL pointer dereference
(CVE-2020-13950)
- low: mod_auth_digest possible stack overflow by one nul byte
(CVE-2020-35452)
- low: mod_session NULL pointer dereference (CVE-2021-26690)
- low: mod_session response handling heap overflow (CVE-2021-26691)
- moderate: Unexpected URL matching with 'MergeSlashes OFF'
(CVE-2021-30641)
- important: NULL pointer dereference on specially crafted HTTP/2
request (CVE-2021-31618)