107 matches found
CVE-2020-12613
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token prior to Avecto elevation. When Avecto elevates the process, it removes the user who is launching the process, but not the second...
1batch (=1.0.0), 47pages-keystone (>=0.0.1 <=0.0.5) +802 more potentially affected by CVE-2025-12613 via cloudinary (>=1.0.13 <=2.6.1)
cloudinary NPM version =1.0.13, =0.0.1, =1.0.2, =1.1.0, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.0.28, =0.0.3, =3.7.0, =3.18.2 and more Source cves: CVE-2025-12613 Source advisory: OSV:GHSA-G4MF-96X5-5M2C...
EUVD-2021-22575
Malware in sbrugna...
9-jobber-shared (=1.0.0), @accounter/server (>=0.0.1-alpha-20240307145247-66232ffd2f926ee16fb5781f8c93d98fdf4d1416 <=0.0.3-alpha-20241114141215-09b7d417e7e139562b2a77a6eb2d990da536e1ec) +262 more potentially affected by CVE-2025-12613 via cloudinary (>=2.0.3 <=2.6.1)
cloudinary NPM version =2.0.3, =0.0.1-alpha-20240307145247-66232ffd2f926ee16fb5781f8c93d98fdf4d1416, =1.0.0, =1.0.0, =0.0.3, =1.0.0, =0.0.11, =1.0.0, =1.0.0, =1.0.0, =1.0.19, =1.0.0, =1.0.0, =1.0.2 and more Source cves: CVE-2025-12613 Source advisory: SNYK:JS-CLOUDINARY-10495740...
Linux Distros Unpatched Vulnerability : CVE-2017-12613
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime (APR) 1.6.2 and prior, out of bounds memory may...
CVE-2024-12613
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX functions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-12613
creationtimestamp | type | source
---|---|---
2025-01-16 09:44:30+00:00 | seen | https://infosec.exchange/users/cve/statuses/113837386603776560
2025-01-16 09:55:31+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/1928
2025-01-16 10:15:45+00:00 | seen | ...
CVE-2017-12613 affecting package apr for versions less than 1.6.3-1
CVE-2017-12613 affecting package apr for versions less than 1.6.3-1. A patched version of the package is available...
RHEL 6 : httpd24-apr (RHSA-2018:0316)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0316 advisory. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data...
RHEL 5 : apr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613) - tables/apr_hash.c in the Apache...
CVE-2020-12613
creationtimestamp | type | source
---|---|---
2024-01-01 15:07:03+00:00 | seen | https://t.me/ctinow/161330...
CVE-2020-12613
BeyondTrust Privilege Management for Windows (up to version 5.6) is affected by CVE-2020-12613. An attacker can spawn a process with multiple users in the security token; during Avecto elevation the launcher’s user is removed, but a second user remains in the token and can grant permissions back ...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in APR-util (CVE-2017-12613)
Summary: IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerability in APR-util. Vulnerability Details: CVEID: CVE-2017-12613 DESCRIPTION: Apache Portable Runtime (APR) could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds array...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2017-12613).
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM HTTP Server...
Amazon Linux 2023 : apr, apr-devel (ALAS2023-2023-016)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-016 advisory. An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x...
K52319810: Apache Portable Runtime vulnerability CVE-2017-12613
Security Advisory Description: When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime (APR) 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a...
SUSE CVE-2017-12613
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime (APR) 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or...
SUSE CVE-2018-12613
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An...
Slackware: Security Advisory (SSA:2023-032-01)
The remote host is missing an update for the...
[slackware-security] apr
New apr packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/apr-1.7.2-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Integer Overflow or Wraparound vulnerability in apr_encode...