Apache Xerces-c\+\+
11 CVEs affecting Apache Xerces-c\+\+. Latest disclosed: 2024-02-29. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-23807 | Critical | 9.8 | 2024-02-29 | The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are reco… |
CVE-2017-12627 | Critical | 9.8 | 2018-03-01 | In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. |
CVE-2016-2099 | Critical | 9.8 | 2016-05-13 | Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified imp… |
CVE-2023-37536 | High | 8.2 | 2023-10-11 | An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. |
CVE-2018-1311 | High | 8.1 | 2019-12-18 | The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed… |
CVE-2012-0880 | High | 7.5 | 2017-08-08 | Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table co… |
CVE-2016-4463 | High | 7.5 | 2016-07-08 | Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. |
CVE-2015-0252 | | 2015-03-24 | internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. | |
CVE-2009-1885 | | 2009-08-11 | Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of s… | |
CVE-2008-4482 | | 2008-10-08 | The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema defin… | |
CVE-2004-1575 | | 2004-12-31 | The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document. |