xerces-c vulnerabilities and exploits
10
CVSSv2
CVE-2016-2099
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and previous versions allows context-dependent malicious users to have unspecified impact via an invalid character in an XML document.
Apache Xerces-c++
Opensuse Opensuse 13.2
7.8
CVSSv2
CVE-2012-0880
Apache Xerces-C++ allows remote malicious users to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.
Apache Xerces-c++ -
7.8
CVSSv2
CVE-2008-4482
The XML parser in Xerces-C++ prior to 3.0.0 allows context-dependent malicious users to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.
Apache Xerces-c++ 2.4.0
Apache Xerces-c++ 2.3.0
Apache Xerces-c++ 1.4.0
Apache Xerces-c++ 1.3.0
Apache Xerces-c++ 2.7.0
Apache Xerces-c++ 2.6.0
Apache Xerces-c++ 1.6.0
Apache Xerces-c++ 1.5.0
Apache Xerces-c++ 2.2.0
Apache Xerces-c++ 2.1.0
Apache Xerces-c++ 1.2.0
Apache Xerces-c++ 1.1.0
Apache Xerces-c++ 2.5.0
Apache Xerces-c++
Apache Xerces-c++ 2.0.0
Apache Xerces-c++ 1.7.0
Apache Xerces-c++ 1.0.1
Apache Xerces-c++ 1.0.0
7.5
CVSSv2
CVE-2017-12627
In Apache Xerces-C XML Parser library prior to 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
Apache Xerces-c++
7.5
CVSSv2
CVE-2016-0729
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C prior to 3.1.3 allow remote malicious users to cause a denial of service (segmentation fault or memory corruption) or possibly execut...
Apache Xerces-c++
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Fedoraproject Fedora 24
6.8
CVSSv2
CVE-2018-1311
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be ...
Apache Xerces-c++
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Eus 7.7
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Goldengate
5
CVSSv2
CVE-2004-1575
The XML parser in Xerces-C++ 2.5.0 allows remote malicious users to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.
Apache Xerces-c++ 2.5.0
4.3
CVSSv2
CVE-2009-1885
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent malicious users to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested ...
Apache Xerces-c++ 2.7.0
Apache Xerces-c++ 2.8.0
NA
CVE-2024-23807
The Apache Xerces C++ XML parser on versions 3.0.0 prior to 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can b...
NA
CVE-2023-37536
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote malicious users to cause out-of-bound access via HTTP request.
Hcltech Bigfix Platform
Apache Xerces-c++ 3.2.3
Fedoraproject Fedora 37