Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.
cpe:2.3:a:apache:xml_security_for_c\+\+:*:*:*:*:*:*:*:* versions up to 1.7.1 (inclusive)
| ID | Name | Product | Family |
|---|---|---|---|
| 119149 | Tenable SecurityCenter < 5.8.0 Multiple Vulnerabilities (TNS-2018-15) | Nessus | Misc. |
| 67103 | FreeBSD : apache-xml-security-c -- heap overflow during XPointer evaluation (81da673e-dfe1-11e2-9389-08002798f6ff) | Nessus | FreeBSD Local Security Checks |
| 67102 | Debian DSA-2717-1 : xml-security-c - heap overflow | Nessus | Debian Local Security Checks |