CVE-2024-23807
- EPSS 0.3%
- Published 29.02.2024 01:44:10
- Last modified 16.01.2025 17:51:40
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabli...
CVE-2023-37536
- EPSS 1%
- Published 11.10.2023 07:15:10
- Last modified 21.11.2024 08:11:53
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
CVE-2018-1311
- EPSS 3.86%
- Published 18.12.2019 20:15:15
- Last modified 21.11.2024 03:59:36
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disabl...
CVE-2017-12627
- EPSS 4.95%
- Published 01.03.2018 14:29:00
- Last modified 21.11.2024 03:09:55
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.