CVE-2024-23807
- EPSS 0.3%
- Published 29.02.2024 01:44:10
- Last modified 16.01.2025 17:51:40
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabli...
CVE-2023-37536
- EPSS 1%
- Published 11.10.2023 07:15:10
- Last modified 21.11.2024 08:11:53
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
CVE-2018-1311
- EPSS 3.86%
- Published 18.12.2019 20:15:15
- Last modified 21.11.2024 03:59:36
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disabl...
CVE-2017-12627
- EPSS 4.95%
- Published 01.03.2018 14:29:00
- Last modified 21.11.2024 03:09:55
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.