Every CVE whose affected-product data names Apache Apr-util, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2009-2412 — CVSS 10.0 (critical): Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and…
CVE-2009-1955 — CVSS 7.5 (high): The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn…
CVE-2009-1956 — CVSS 6.4 (medium): Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to…
CVE-2010-1623 — CVSS 5.0 (medium): Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util)…
CVE-2009-0023 — CVSS 4.3 (medium): The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial…
CVE-2011-1928 — CVSS 4.3 (medium): The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server…