Xerces C\+\+
by Apache
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-2099 | Cri | 0.64 | 9.8 | 0.02 | May 13, 2016 | Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. | |
| CVE-2012-0880 | Hig | 0.49 | 7.5 | 0.02 | Aug 8, 2017 | Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions. | |
| CVE-2015-0252 | 0.05 | — | 0.25 | Mar 24, 2015 | internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. | ||
| CVE-2009-1885 | 0.01 | — | 0.14 | Aug 11, 2009 | Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework. | ||
| CVE-2008-4482 | 0.00 | — | 0.02 | Oct 8, 2008 | The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file. | ||
| CVE-2004-1575 | 0.00 | — | 0.03 | Dec 31, 2004 | The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document. |
- risk 0.64cvss 9.8epss 0.02
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
- risk 0.49cvss 7.5epss 0.02
Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.
- CVE-2015-0252Mar 24, 2015risk 0.05cvss —epss 0.25
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
- CVE-2009-1885Aug 11, 2009risk 0.01cvss —epss 0.14
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
- CVE-2008-4482Oct 8, 2008risk 0.00cvss —epss 0.02
The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.
- CVE-2004-1575Dec 31, 2004risk 0.00cvss —epss 0.03
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.