Vulnerabilities > Apache > Xerces C
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-29 | CVE-2024-23807 | Unspecified vulnerability in Apache Xerces-C++ The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. | 9.8 |
| 2023-10-11 | CVE-2023-37536 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | 8.8 |
| 2019-12-18 | CVE-2018-1311 | Use After Free vulnerability in multiple products The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. | 8.1 |
| 2018-03-01 | CVE-2017-12627 | NULL Pointer Dereference vulnerability in Apache Xerces-C++ In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | 9.8 |
| 2017-08-08 | CVE-2012-0880 | Resource Management Errors vulnerability in Apache Xerces-C++ Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions. | 7.5 |
| 2016-07-08 | CVE-2016-4463 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. | 7.5 |
| 2016-05-13 | CVE-2016-2099 | Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. | 9.8 |