Skip to main content

Xerces C

6 CVEs product

Monthly

CVE-2024-23807 CRITICAL POC PATCH Act Now

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Apache Information Disclosure Memory Corruption Xerces C
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-37536 HIGH This Week

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Xerces C Bigfix Platform Fedora
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2012-0880 HIGH This Week

Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Xerces C
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2016-4463 HIGH POC THREAT Act Now

Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.3%.

Denial Of Service Buffer Overflow Apache Xerces C Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
38.3%
Threat
4.2
CVE-2016-2099 CRITICAL Act Now

Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Xerces C Opensuse
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2015-0252 MEDIUM POC THREAT This Month

internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.2%.

Denial Of Service Apache Debian Linux Fedora Xerces C
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
25.2%
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Apache Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Xerces C +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Xerces C
NVD
EPSS 38% 4.2 CVSS 7.5
HIGH POC THREAT Act Now

Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.3%.

Denial Of Service Buffer Overflow Apache +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Xerces C +1
NVD
EPSS 25% CVSS 5.0
MEDIUM POC THREAT This Month

internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.2%.

Denial Of Service Apache Debian Linux +2
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy