Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Xerces2 Java
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4002 9 Apache, Canonical, Hp and 6 more 21 Xerces2 Java, Ubuntu Linux, Hp-ux and 18 more 2022-05-13 7.1 HIGH N/A
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
CVE-2009-2625 7 Apache, Canonical, Debian and 4 more 9 Xerces2 Java, Ubuntu Linux, Debian Linux and 6 more 2022-05-13 5.0 MEDIUM N/A
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
CVE-2012-0881 1 Apache 1 Xerces2 Java 2021-09-28 7.8 HIGH 7.5 HIGH
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.