Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache portable runtime vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-24963
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an malicious user to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.
Apache Portable Runtime 1.7.0
NA
CVE-2022-25147
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an malicious user to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
Apache Portable Runtime Utility
NA
CVE-2022-28331
On Windows, Apache Portable Runtime 1.7.0 and previous versions may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
Apache Portable Runtime
NA
CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update t...
Apache Xalan-java
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Jre 17.0.3.1
Oracle Jre 18.0.1.1
Oracle Jre 11.0.15.1
Oracle Jre 1.8.0
Oracle Jre 1.7.0
Oracle Jdk 17.0.3.1
Oracle Jdk 18.0.1.1
Oracle Jdk 11.0.15.1
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Graalvm 20.3.6
Oracle Graalvm 21.3.2
Oracle Graalvm 22.1.0
Oracle Openjdk 8
Oracle Openjdk 7
Oracle Openjdk 18
Oracle Openjdk
Fedoraproject Fedora 35
Fedoraproject Fedora 36
3 Github repositories
1000
VMScore
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo\\! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1165 Github repositories
28 Articles
321
VMScore
CVE-2021-35940
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to t...
Apache Portable Runtime 1.7.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
169
VMScore
CVE-2017-12618
Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using the...
Apache Portable Runtime Utility 1.0.2
Apache Portable Runtime Utility 0.9.16
Apache Portable Runtime Utility 0.9.15
Apache Portable Runtime Utility 0.9.6
Apache Portable Runtime Utility 0.9.5
Apache Portable Runtime Utility 1.1.0
Apache Portable Runtime Utility 1.2.13
Apache Portable Runtime Utility 1.2.2
Apache Portable Runtime Utility 1.2.1
Apache Portable Runtime Utility 1.3.13
Apache Portable Runtime Utility 1.3.6
Apache Portable Runtime Utility 1.3.5
Apache Portable Runtime Utility 1.4.2
Apache Portable Runtime Utility 1.4.1
Apache Portable Runtime Utility 1.6.0
Apache Portable Runtime Utility 1.0.1
Apache Portable Runtime Utility 1.0.0
Apache Portable Runtime Utility 0.9.14
Apache Portable Runtime Utility 0.9.13
Apache Portable Runtime Utility 0.9.12
Apache Portable Runtime Utility 0.9.4
Apache Portable Runtime Utility 0.9.3
505
VMScore
CVE-2012-0840
tables/apr_hash.c in the Apache Portable Runtime (APR) library up to and including 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via ...
Apache Portable Runtime 1.3.6-dev
Apache Portable Runtime 1.3.7
Apache Portable Runtime 0.9.7-dev
Apache Portable Runtime 1.3.3
Apache Portable Runtime 0.9.6
Apache Portable Runtime 0.9.16-dev
Apache Portable Runtime 0.9.8
Apache Portable Runtime 1.3.1
Apache Portable Runtime 1.3.2
Apache Portable Runtime 1.3.9
Apache Portable Runtime 1.3.4
Apache Portable Runtime 1.3.10
Apache Portable Runtime 0.9.4
Apache Portable Runtime 1.4.3
Apache Portable Runtime 1.4.4
Apache Portable Runtime 1.4.1
Apache Portable Runtime 0.9.3
Apache Portable Runtime 0.9.1
Apache Portable Runtime
Apache Portable Runtime 0.9.5
Apache Portable Runtime 1.3.8
Apache Portable Runtime 1.4.0
1 EDB exploit
384
VMScore
CVE-2011-1928
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote malicious users to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patt...
Apache Apr-util 1.4.3
Apache Http Server 2.2.18
Apache Apr-util 1.4.4
2 Github repositories
436
VMScore
CVE-2011-0419
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library prior to 1.4.3 and the Apache HTTP Server prior to 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris...
Apache Portable Runtime
Apache Http Server
Netbsd Netbsd 5.1
Google Android
Freebsd Freebsd
Openbsd Openbsd 4.8
Apple Mac Os X 10.6.0
Oracle Solaris 10
Debian Debian Linux 5.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Suse Linux Enterprise Server 10
1 EDB exploit
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »