Search for packages
| purl | pkg:maven/xerces/xercesImpl@2.5.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2gpd-vwgb-67cn
Aliases: CVE-2009-2625 GHSA-334p-wv2m-w3vp |
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. |
Affected by 4 other vulnerabilities. |
|
VCID-a6wc-3mp6-63ek
Aliases: CVE-2013-4002 GHSA-7j4h-8wpf-rqfh |
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. |
Affected by 2 other vulnerabilities. |
|
VCID-c2s2-wsy6-sufn
Aliases: CVE-2022-23437 GHSA-h65f-jvqw-m9fj |
XML Injection (aka Blind XPath Injection) There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. |
Affected by 0 other vulnerabilities. |
|
VCID-c3c2-b2bc-6bdh
Aliases: CVE-2020-14338 GHSA-w4jq-qh47-hvjq |
Improper Input Validation A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-nnhm-vcmu-gkd7
Aliases: CVE-2012-0881 GHSA-vmqm-g3vh-847m |
Denial of service in Apache Xerces2 Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||