cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-49582,https://securityvulnerability.io/vulnerability/CVE-2023-49582,Local Users Could Access Sensitive Application Data Due to Insufficient Permissions in Apache Portable Runtime on Unix Platforms,"Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.",Apache,Apache Portable Runtime (apr),5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-08-26T14:03:44.588Z,0
CVE-2022-28331,https://securityvulnerability.io/vulnerability/CVE-2022-28331,Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function,"The Apache Portable Runtime on Windows versions 1.7.0 and earlier contains a vulnerability where an integer overflow may result in writing beyond the end of a stack-based buffer during socket operations in the apr_socket_sendv() function. This flaw can potentially lead to uncontrolled memory corruption, making systems vulnerable to various forms of attacks that exploit this overflow.",Apache,Apache Portable Runtime (apr),9.8,CRITICAL,0.07749000191688538,false,,false,false,false,,,false,false,,2023-01-31T15:55:21.488Z,0
CVE-2022-25147,https://securityvulnerability.io/vulnerability/CVE-2022-25147,Apache Portable Runtime Utility (APR-util): out-of-bounds writes in the apr_base64 family of functions,"Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.",Apache,Apache Portable Runtime Utility (apr-util),6.5,MEDIUM,0.001769999973475933,false,,false,false,false,,,false,false,,2023-01-31T15:54:51.395Z,0
CVE-2022-24963,https://securityvulnerability.io/vulnerability/CVE-2022-24963,"Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions","An integer overflow vulnerability exists in the apr_encode functions of the Apache Portable Runtime (APR), which can lead to unauthorized memory write operations. Exploiting this vulnerability allows attackers to write beyond the allocated memory bounds, potentially leading to data corruption or a complete system compromise. Users of APR version 1.7.0 should evaluate their systems and apply necessary security measures as outlined in the vendor advisories.",Apache,Apache Portable Runtime (apr),9.8,CRITICAL,0.08449000120162964,false,,false,false,false,,,false,false,,2023-01-31T15:52:09.716Z,0
CVE-2021-35940,https://securityvulnerability.io/vulnerability/CVE-2021-35940,Regression of CVE-2017-12613,"An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.",Apache,Apache Portable Runtime (apr),7.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-08-23T10:00:10.000Z,0