13 matches found
TencentOS Server 4: apr (TSSA-2024:0358)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0358 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.9
Summary Apache Portable Runtime, The Expat XML Parser and DOORS Web Access are identified as vulnerable components with multiple reported vulnerabilities. The IBM Engineering Requirements Management DOORS/DWA product version 9.7.2.8 is vulnerable to the below mentioned CVEs. Remediation actions a...
Rockwell Automation FactoryTalk Edge Gateway
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Edge Gateway Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local user to cause the program to crash, causing a...
Amazon Linux 2023 : apr, apr-devel (ALAS2023-2023-016)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-016 advisory. An out-of-bounds array read in the aprtimeexp functions was fixed in the Apache Portable Runtime 1.6.3 release CVE-2017-12613. The fix for this issue was not carried forward to the APR 1.7.x...
Slackware: Security Advisory (SSA:2023-032-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[slackware-security] apr
New apr packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/apr-1.7.2-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Integer Overflow or Wraparound vulnerability in aprencode...
Slackware Linux 15.0 / current apr Multiple Vulnerabilities (SSA:2023-032-01)
The version of apr installed on the remote host is prior to 1.7.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-032-01 advisory. - When aprtimeexp or aprosexptime functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 a...
Mageia: Security Advisory (MGASA-2021-0428)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for apr (EulerOS-SA-2021-2848)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-35940
An out-of-bounds array read in the aprtimeexp functions was fixed in the Apache Portable Runtime 1.6.3 release CVE-2017-12613. The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue...
CVE-2021-35940
The connected docs confirm a concrete issue in the Apache Portable Runtime (APR) regarding CVE-2017-12613: an out-of-bounds array read in apr_time_exp*() that was fixed in APR 1.6.3. The APR 1.7.x branch did not carry that fix, and APR 1.7.0 regressed to be vulnerable to the same issue. A patch f...
CVE-2021-35940 Regression of CVE-2017-12613
An out-of-bounds array read in the aprtimeexp functions was fixed in the Apache Portable Runtime 1.6.3 release CVE-2017-12613. The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue...
CVE-2021-35940
An out-of-bounds array read in the aprtimeexp functions was fixed in the Apache Portable Runtime 1.6.3 release CVE-2017-12613. The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue...