apache2 (SUSE:Linux Enterprise Point of Sale 11 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Point of Sale 11 SP3 package apache2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (16)
CVE-2010-0425 — CVSS 10.0 (critical): modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7…
CVE-2021-39275 — CVSS 9.8 (critical): ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these…
CVE-2022-22720 — CVSS 9.8 (critical): Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing…
CVE-2017-3167 — CVSS 9.8 (critical): In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the…
CVE-2017-3169 — CVSS 9.8 (critical): In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call…
CVE-2017-7679 — CVSS 9.8 (critical): In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious…
CVE-2022-22721 — CVSS 9.1 (critical): If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens…
CVE-2017-9798 — CVSS 7.5 (high): Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file…
CVE-2017-7668 — CVSS 7.5 (high): The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows…
CVE-2009-2699 — CVSS 7.5 (high): The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as…
CVE-2020-35452 — CVSS 7.3 (high): Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no…
CVE-2020-1934 — CVSS 5.3 (medium): In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2014-0118 — CVSS 4.3 (medium): The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body…
CVE-2012-0021 — CVSS 2.6 (low): The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded…