marklogic CVE Vulnerabilities & Metrics

Focus on marklogic vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About marklogic Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with marklogic. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total marklogic CVEs: 11
Earliest CVE date: 23 May 2017, 16:29 UTC
Latest CVE date: 07 Sep 2018, 16:29 UTC

Latest CVE reference: CVE-2017-2795

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical marklogic CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.8

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	0
4.0-6.9	11
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS marklogic CVEs

These are the five CVEs with the highest CVSS scores for marklogic, sorted by severity first and recency.

CVE-2017-2795 marklogic Published on 07 Sep 2018, 16:29 UTC (CVSS: 6.8)
An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability.
CVE-2017-2792 marklogic Published on 07 Sep 2018, 16:29 UTC (CVSS: 6.8)
An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability.
CVE-2016-8384 marklogic Published on 24 Apr 2018, 19:29 UTC (CVSS: 6.8)
An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter.
CVE-2016-8383 marklogic Published on 24 Apr 2018, 19:29 UTC (CVSS: 6.8)
An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious doc file to trigger this vulnerability.
CVE-2016-8382 marklogic Published on 24 Apr 2018, 19:29 UTC (CVSS: 6.8)
An exploitable heap corruption vulnerability exists in the Doc_SetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious doc file to trigger this vulnerability.

All CVEs for marklogic

CVE-2017-2795 marklogic vulnerability CVSS: 6.8 07 Sep 2018, 16:29 UTC

An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability.

CVE-2017-2792 marklogic vulnerability CVSS: 6.8 07 Sep 2018, 16:29 UTC

An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability.

CVE-2016-8384 marklogic vulnerability CVSS: 6.8 24 Apr 2018, 19:29 UTC

An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter.

CVE-2016-8383 marklogic vulnerability CVSS: 6.8 24 Apr 2018, 19:29 UTC

An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious doc file to trigger this vulnerability.

CVE-2016-8382 marklogic vulnerability CVSS: 6.8 24 Apr 2018, 19:29 UTC

An exploitable heap corruption vulnerability exists in the Doc_SetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious doc file to trigger this vulnerability.

CVE-2017-2799 marklogic vulnerability CVSS: 6.8 24 May 2017, 14:29 UTC

An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability.

CVE-2017-2798 marklogic vulnerability CVSS: 6.8 24 May 2017, 14:29 UTC

An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability.

CVE-2017-2797 marklogic vulnerability CVSS: 6.8 23 May 2017, 16:29 UTC

An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6.

CVE-2017-2794 marklogic vulnerability CVSS: 6.8 23 May 2017, 16:29 UTC

An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT file to trigger this vulnerability.

CVE-2017-2793 marklogic vulnerability CVSS: 6.8 23 May 2017, 16:29 UTC

An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability.

CVE-2017-2783 marklogic vulnerability CVSS: 6.8 23 May 2017, 16:29 UTC

An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious xls file to trigger this vulnerability.