Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apr vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-1787
The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 prior to 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote malicious users to cause a denial of service (daemon crash) via a ClientKeyExchange message w...
Openssl Openssl 1.0.2
NA
CVE-2015-0285
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 prior to 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote malicious users to defeat cryptographic protection mechanisms by sniffing the network and then...
Openssl Openssl 1.0.2
NA
CVE-2015-0290
The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 prior to 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote malicious users to cause a denial of service (pointer cor...
Openssl Openssl 1.0.2
NA
CVE-2015-0291
The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 prior to 1.0.2a allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.
Openssl Openssl 1.0.2
3 Github repositories
2 Articles
7.1
CVSSv3
CVE-2021-35940
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to t...
Apache Portable Runtime 1.7.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
NA
CVE-2014-3569
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected ...
Openssl Openssl 1.0.1j
6.5
CVSSv3
CVE-2022-25147
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an malicious user to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
Apache Portable Runtime Utility
NA
CVE-2003-0245
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 up to and including 2.0.45 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML ...
Apache Http Server 2.0.42
Apache Http Server 2.0.37
Apache Http Server 2.0.44
Apache Http Server 2.0.39
Apache Http Server 2.0.41
Apache Http Server 2.0.38
Apache Http Server 2.0.45
Apache Http Server 2.0.40
Apache Http Server 2.0.43
1 EDB exploit
NA
CVE-2012-0840
tables/apr_hash.c in the Apache Portable Runtime (APR) library up to and including 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via ...
Apache Portable Runtime 1.3.6-dev
Apache Portable Runtime 1.3.7
Apache Portable Runtime 0.9.7-dev
Apache Portable Runtime 1.3.3
Apache Portable Runtime 0.9.6
Apache Portable Runtime 0.9.16-dev
Apache Portable Runtime 0.9.8
Apache Portable Runtime 1.3.1
Apache Portable Runtime 1.3.2
Apache Portable Runtime 1.3.9
Apache Portable Runtime 1.3.4
Apache Portable Runtime 1.3.10
Apache Portable Runtime 0.9.4
Apache Portable Runtime 1.4.3
Apache Portable Runtime 1.4.4
Apache Portable Runtime 1.4.1
Apache Portable Runtime 0.9.3
Apache Portable Runtime 0.9.1
Apache Portable Runtime
Apache Portable Runtime 0.9.5
Apache Portable Runtime 1.3.8
Apache Portable Runtime 1.4.0
1 EDB exploit
9.8
CVSSv3
CVE-2020-16226
Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an malicious user to remotely execute arbitrary commands.
Mitsubishielectric Qj71mes96 Firmware
Mitsubishielectric Qj71ws96 Firmware
Mitsubishielectric Q06ccpu-v Firmware
Mitsubishielectric Q24dhccpu-v Firmware
Mitsubishielectric Q24dhccpu-vg Firmware
Mitsubishielectric R12ccpu-v Firmware
Mitsubishielectric Rd55up06-v Firmware
Mitsubishielectric Rd55up12-v Firmware
Mitsubishielectric Rj71gn11-t2 Firmware
Mitsubishielectric Rj71en71 Firmware
Mitsubishielectric Qj71e71-100 Firmware
Mitsubishielectric Lj71e71-100 Firmware
Mitsubishielectric Qj71mt91 Firmware
Mitsubishielectric Rd78gn\\(n\\=4\\,8\\,16\\,32\\,64\\) Firmware
Mitsubishielectric Rd78ghv Firmware
Mitsubishielectric Rd78ghw Firmware
Mitsubishielectric Nz2gacp620-60 Firmware
Mitsubishielectric Nz2gacp620-300 Firmware
Mitsubishielectric Nz2ft-mt Firmware
Mitsubishielectric Nz2ft-eip Firmware
Mitsubishielectric Q03udecpu Firmware
Mitsubishielectric Qnudehcpu\\(n\\=04\\/06\\/10\\/13\\/20\\/26\\/50\\/100\\) Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »