Every CVE whose affected-product data names Apache Xerces-c++, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2024-23807 — CVSS 9.8 (critical): The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external…
CVE-2016-2099 — CVSS 9.8 (critical): Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to…
CVE-2017-12627 — CVSS 9.8 (critical): In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain…
CVE-2023-37536 — CVSS 8.2 (high): An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
CVE-2018-1311 — CVSS 8.1 (high): The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has…
CVE-2008-4482 — CVSS 7.8 (high): The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via…
CVE-2016-4463 — CVSS 7.5 (high): Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply…
CVE-2012-0880 — CVSS 7.5 (high): Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that…
CVE-2004-1575 — CVSS 5.0 (medium): The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted…
CVE-2015-0252 — CVSS 5.0 (medium): internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash)…
CVE-2009-1885 — CVSS 4.3 (medium): Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to…