OPENSUSE-SU-2026:10785-1
Vulnerability from csaf_opensuse - Published: 2026-05-16 00:00 - Updated: 2026-05-16 00:00Summary
apache2-2.4.67-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: apache2-2.4.67-1.1 on GA media
Description of the patch: These are all security issues fixed in the apache2-2.4.67-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10785
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.7 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "apache2-2.4.67-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the apache2-2.4.67-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10785",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10785-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23918 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24072 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-28780 page",
"url": "https://www.suse.com/security/cve/CVE-2026-28780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-29168 page",
"url": "https://www.suse.com/security/cve/CVE-2026-29168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-29169 page",
"url": "https://www.suse.com/security/cve/CVE-2026-29169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33006 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33007 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33523 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33857 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34032 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34059 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34059/"
}
],
"title": "apache2-2.4.67-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-16T00:00:00Z",
"generator": {
"date": "2026-05-16T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10785-1",
"initial_release_date": "2026-05-16T00:00:00Z",
"revision_history": [
{
"date": "2026-05-16T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.67-1.1.aarch64",
"product": {
"name": "apache2-2.4.67-1.1.aarch64",
"product_id": "apache2-2.4.67-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.67-1.1.ppc64le",
"product": {
"name": "apache2-2.4.67-1.1.ppc64le",
"product_id": "apache2-2.4.67-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.67-1.1.s390x",
"product": {
"name": "apache2-2.4.67-1.1.s390x",
"product_id": "apache2-2.4.67-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.67-1.1.x86_64",
"product": {
"name": "apache2-2.4.67-1.1.x86_64",
"product_id": "apache2-2.4.67-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.67-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64"
},
"product_reference": "apache2-2.4.67-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.67-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le"
},
"product_reference": "apache2-2.4.67-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.67-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x"
},
"product_reference": "apache2-2.4.67-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.67-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
},
"product_reference": "apache2-2.4.67-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23918"
}
],
"notes": [
{
"category": "general",
"text": "Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.\n\nThis issue affects Apache HTTP Server: 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23918",
"url": "https://www.suse.com/security/cve/CVE-2026-23918"
},
{
"category": "external",
"summary": "SUSE Bug 1263957 for CVE-2026-23918",
"url": "https://bugzilla.suse.com/1263957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-23918"
},
{
"cve": "CVE-2026-24072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24072"
}
],
"notes": [
{
"category": "general",
"text": "An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24072",
"url": "https://www.suse.com/security/cve/CVE-2026-24072"
},
{
"category": "external",
"summary": "SUSE Bug 1263935 for CVE-2026-24072",
"url": "https://bugzilla.suse.com/1263935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-24072"
},
{
"cve": "CVE-2026-28780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-28780"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server.\nIf mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer.\n\nThis issue affects Apache HTTP Server: through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-28780",
"url": "https://www.suse.com/security/cve/CVE-2026-28780"
},
{
"category": "external",
"summary": "SUSE Bug 1264163 for CVE-2026-28780",
"url": "https://bugzilla.suse.com/1264163"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-28780"
},
{
"cve": "CVE-2026-29168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-29168"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server\u0027s mod_md via OCSP response data.\n\nThis issue affects Apache HTTP Server: from 2.4.30 through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-29168",
"url": "https://www.suse.com/security/cve/CVE-2026-29168"
},
{
"category": "external",
"summary": "SUSE Bug 1264150 for CVE-2026-29168",
"url": "https://bugzilla.suse.com/1264150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-29168"
},
{
"cve": "CVE-2026-29169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-29169"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs.\n\nThe only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than version 1.2.0.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes this issue, or remove mod_dav_lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-29169",
"url": "https://www.suse.com/security/cve/CVE-2026-29169"
},
{
"category": "external",
"summary": "SUSE Bug 1263956 for CVE-2026-29169",
"url": "https://bugzilla.suse.com/1263956"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-29169"
},
{
"cve": "CVE-2026-33006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33006"
}
],
"notes": [
{
"category": "general",
"text": "A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33006",
"url": "https://www.suse.com/security/cve/CVE-2026-33006"
},
{
"category": "external",
"summary": "SUSE Bug 1263955 for CVE-2026-33006",
"url": "https://bugzilla.suse.com/1263955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33006"
},
{
"cve": "CVE-2026-33007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33007"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33007",
"url": "https://www.suse.com/security/cve/CVE-2026-33007"
},
{
"category": "external",
"summary": "SUSE Bug 1263954 for CVE-2026-33007",
"url": "https://bugzilla.suse.com/1263954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-33007"
},
{
"cve": "CVE-2026-33523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33523"
}
],
"notes": [
{
"category": "general",
"text": "HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers.\n\nThis issue affects Apache HTTP Server: from through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33523",
"url": "https://www.suse.com/security/cve/CVE-2026-33523"
},
{
"category": "external",
"summary": "SUSE Bug 1263953 for CVE-2026-33523",
"url": "https://bugzilla.suse.com/1263953"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33523"
},
{
"cve": "CVE-2026-33857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33857"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Read vulnerability in mod_proxy_ajp of \n\nApache HTTP Server.\n\nThis issue affects Apache HTTP Server: through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33857",
"url": "https://www.suse.com/security/cve/CVE-2026-33857"
},
{
"category": "external",
"summary": "SUSE Bug 1263952 for CVE-2026-33857",
"url": "https://bugzilla.suse.com/1263952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-33857"
},
{
"cve": "CVE-2026-34032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34032"
}
],
"notes": [
{
"category": "general",
"text": "Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34032",
"url": "https://www.suse.com/security/cve/CVE-2026-34032"
},
{
"category": "external",
"summary": "SUSE Bug 1263951 for CVE-2026-34032",
"url": "https://bugzilla.suse.com/1263951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-34032"
},
{
"cve": "CVE-2026-34059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34059"
}
],
"notes": [
{
"category": "general",
"text": "Buffer Over-read vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34059",
"url": "https://www.suse.com/security/cve/CVE-2026-34059"
},
{
"category": "external",
"summary": "SUSE Bug 1263950 for CVE-2026-34059",
"url": "https://bugzilla.suse.com/1263950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.67-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.67-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-34059"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…