cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-25147,https://securityvulnerability.io/vulnerability/CVE-2022-25147,Apache Portable Runtime Utility (APR-util): out-of-bounds writes in the apr_base64 family of functions,"Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. ",Apache,Apache Portable Runtime Utility (apr-util),6.5,MEDIUM,0.001769999973475933,false,,false,false,false,,,false,false,,2023-01-31T15:54:51.395Z,0
CVE-2011-1928,https://securityvulnerability.io/vulnerability/CVE-2011-1928,,"The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used.
NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.",Apache,"Apr-util,Http Server",,,0.055160000920295715,false,,false,false,false,,,false,false,,2011-05-24T23:55:00.000Z,0
CVE-2010-1623,https://securityvulnerability.io/vulnerability/CVE-2010-1623,,"Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.",Apache,Apr-util,,,0.8275799751281738,false,,false,false,false,,,false,false,,2010-10-04T20:00:00.000Z,0
CVE-2009-2412,https://securityvulnerability.io/vulnerability/CVE-2009-2412,,"Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows.
NOTE: some of these details are obtained from third party information.",Apache,"Apr-util,Portable Runtime",,,0.11242000013589859,false,,false,false,false,,,false,false,,2009-08-06T15:00:00.000Z,0
CVE-2009-0023,https://securityvulnerability.io/vulnerability/CVE-2009-0023,,"The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",Apache,Apr-util,,,0.0754999965429306,false,,false,false,false,,,false,false,,2009-06-08T01:00:00.000Z,0
CVE-2009-1956,https://securityvulnerability.io/vulnerability/CVE-2009-1956,,Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.,Apache,Apr-util,,,0.29330000281333923,false,,false,false,false,,,false,false,,2009-06-08T01:00:00.000Z,0
CVE-2009-1955,https://securityvulnerability.io/vulnerability/CVE-2009-1955,,"The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",Apache,Apr-util,7.5,HIGH,0.3353999853134155,false,,false,false,false,,,false,false,,2009-06-08T01:00:00.000Z,0