Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-4784-1
HistoryMar 15, 2021 - 12:00 a.m.

Xerces-C++ vulnerabilities

2021-03-1500:00:00
ubuntu.com
14

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.028 Low

EPSS

Percentile

90.4%

JSON

Releases

  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • xerces-c - Validating XML parser written in a portable subset of C++

Details

It was discovered that Xerces-C++ XML Parser mishandles certain kinds of
external DTD references, resulting in a user-after-free. An attacker could
use this vulnerability to cause a denial of service (crash) or possibly
execute arbitrary code. This issue affected only Ubuntu 16.04 ESM.
(CVE-2016-2099)

It was discovered that Xerces-C++ XML Parser fails to successfully parse a
DTD that is too deeply nested. An unauthenticated attacker could use this
vulnerability to cause a denial of service. This issue affected only Ubuntu
16.04 ESM. (CVE-2016-4463)

It was discovered that Xerces-C++ mishandles certain kinds of external DTD
references, resulting in dereference of a NULL pointer. An attacker could
use this vulnerability to cause a denial of service. (CVE-2017-12627)

Related

osv 4
openvas 32
nessus 43
fedora 9
freebsd 1
redhatcve 3
debian 7
suse 1
mageia 3
ubuntucve 3
cve 3
prion 3
archlinux 3
debiancve 3
ibm 15
oraclelinux 1
redhat 3
centos 1
amazon 1
f5 4
gentoo 1
photon 4
oracle 2
osv
osv
xerces-c vulnerabilities
2021-03-15 21:00:57
xerces-c - security update
2018-03-29 00:00:00
xerces-c - security update
2016-05-12 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4784-1)
2023-01-27 00:00:00
Fedora Update for xerces-c FEDORA-2016-84373c5f4f
2016-07-10 00:00:00
Fedora Update for xerces-c27 FEDORA-2018-51ce232320
2019-05-07 00:00:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM : Xerces-C++ vulnerabilities (USN-4784-1)
2023-10-16 00:00:00
Fedora 23 : xerces-c (2016-d2d6890690)
2016-07-15 00:00:00
openSUSE Security Update : xerces-c (openSUSE-2016-1046)
2016-09-06 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: xerces-c27-2.7.0-28.fc29
2019-02-13 02:48:11
[SECURITY] Fedora 22 Update: xerces-c-3.1.4-1.fc22
2016-07-06 05:52:27
[SECURITY] Fedora 23 Update: xerces-c-3.1.4-1.fc23
2016-07-06 05:56:02
freebsd
freebsd
xercesi-c3 -- multiple vulnerabilities
2016-05-09 00:00:00
redhatcve
redhatcve
CVE-2017-12627
2018-03-05 11:18:51
CVE-2016-2099
2016-05-10 10:48:36
CVE-2016-4463
2016-06-30 08:19:16
debian
debian
[SECURITY] [DLA 1328-1] xerces-c security update
2018-03-29 21:49:55
[SECURITY] [DSA 3610-1] xerces-c security update
2016-06-29 20:19:01
[SECURITY] [DLA 535-1] xerces-c security update
2016-06-29 20:27:56
suse
suse
Security update for xerces-c (low)
2019-04-26 00:00:00
mageia
mageia
Updated xerces-c packages fix CVE-2017-12627
2018-03-06 10:55:33
Updated xerces-c packages fix security vulnerability
2018-03-19 15:13:14
Updated xerces-c packages fix security vulnerability
2016-05-20 14:38:30
ubuntucve
ubuntucve
CVE-2017-12627
2018-03-01 00:00:00
CVE-2016-4463
2016-07-08 00:00:00
CVE-2016-2099
2016-05-13 00:00:00
cve
cve
CVE-2017-12627
2018-03-01 14:29:00
CVE-2016-4463
2016-07-08 19:59:00
CVE-2016-2099
2016-05-13 14:59:00
prion
prion
Null pointer dereference
2018-03-01 14:29:00
Stack overflow
2016-07-08 19:59:00
Design/Logic Flaw
2016-05-13 14:59:00
archlinux
archlinux
[ASA-201803-23] xerces-c: arbitrary code execution
2018-03-25 00:00:00
xerces-c: arbitrary code execution
2016-06-25 00:00:00
xerces-c: denial of service
2016-07-05 00:00:00
debiancve
debiancve
CVE-2017-12627
2018-03-01 14:29:00
CVE-2016-4463
2016-07-08 19:59:00
CVE-2016-2099
2016-05-13 14:59:00
ibm
ibm
Security Bulletin: A vulnerability in the Apache Xerces-C XML Parser library affects IBM Performance Management products (CVE-2016-4463)
2018-06-17 15:36:12
Security Bulletin: A vulnerability in Apache Xerces-C XML Parser library affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-4463)
2018-06-17 15:32:58
Security Bulletin: IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-4463)
2018-06-16 13:43:12
oraclelinux
oraclelinux
xerces-c security update
2018-11-05 00:00:00
redhat
redhat
(RHSA-2018:3514) Moderate: xerces-c security update
2018-11-06 15:43:00
(RHSA-2018:3506) Moderate: xerces-c security update
2018-11-06 14:46:34
(RHSA-2018:3335) Moderate: xerces-c security update
2018-10-30 04:44:38
centos
centos
xerces security update
2018-11-15 18:53:50
amazon
amazon
Medium: xerces-c
2018-12-06 20:30:00
f5
f5
SOL70191975 - Apache Xerces vulnerability CVE-2016-4463
2016-09-15 00:00:00
K04253390 : Apache Xerces vulnerability CVE-2016-2099
2016-07-18 00:00:00
SOL04253390 - Apache Xerces vulnerability CVE-2016-2099
2016-07-18 00:00:00
gentoo
gentoo
Xerces-C++: Multiple vulnerabilities
2016-12-24 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0037
2018-04-23 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0126
2018-04-24 00:00:00
Critical Photon OS Security Update - PHSA-2018-0126
2018-04-24 00:00:00
oracle
oracle
CPU July 2018
2018-07-17 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.028 Low

EPSS

Percentile

90.4%

JSON
Related for USN-4784-1
osv4openvas32nessus43fedora9freebsd1redhatcve3debian7suse1mageia3ubuntucve3cve3prion3archlinux3debiancve3ibm15oraclelinux1redhat3centos1amazon1f54gentoo1photon4oracle2