apache2-prefork (SUSE:Linux Enterprise Server 16.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 16.0 package apache2-prefork, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2026-28780 — CVSS 9.8 (critical): Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this…
CVE-2026-23918 — CVSS 8.8 (high): Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66…
CVE-2026-24072 — CVSS 8.8 (high): An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the…
CVE-2025-58098 — CVSS 8.3 (high): Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query…
CVE-2025-55753 — CVSS 7.5 (high): An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations)…
CVE-2026-29169 — CVSS 7.5 (high): A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a…
CVE-2026-34059 — CVSS 7.5 (high): Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to…
CVE-2026-29168 — CVSS 7.3 (high): Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue…
CVE-2025-65082 — CVSS 6.5 (medium): Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the…
CVE-2026-33523 — CVSS 6.5 (medium): HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue…
CVE-2025-66200 — CVSS 5.4 (medium): mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader…
CVE-2026-33007 — CVSS 5.3 (medium): A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash…
CVE-2026-34032 — CVSS 5.3 (medium): Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66…
CVE-2026-33857 — CVSS 5.3 (medium): Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are…
CVE-2026-33006 — CVSS 4.8 (medium): A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users…