Redhat

Jboss Core Services

36 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2025-49794

  • EPSS 0.2%
  • Published 16.06.2025 15:24:31
  • Last modified 15.09.2025 18:15:38

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malic...

2.5

CVE-2025-6170

  • EPSS 0.02%
  • Published 16.06.2025 15:24:05
  • Last modified 12.08.2025 13:04:06

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow...

7.5

CVE-2025-49795

  • EPSS 0.06%
  • Published 16.06.2025 15:19:29
  • Last modified 09.07.2025 03:15:30

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

9.1

CVE-2025-49796

  • EPSS 0.17%
  • Published 16.06.2025 15:14:28
  • Last modified 15.09.2025 18:15:38

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a d...

7.5

CVE-2025-6021

Media report
  • EPSS 0.09%
  • Published 12.06.2025 12:49:16
  • Last modified 18.09.2025 10:15:34

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

5.4

CVE-2024-10306

  • EPSS 0.05%
  • Published 23.04.2025 09:59:49
  • Last modified 01.07.2025 03:15:20

A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone...

7.5

CVE-2023-44487

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

9

CVE-2021-40438

Warning
  • EPSS 94.43%
  • Published 16.09.2021 15:15:07
  • Last modified 16.05.2025 15:27:13

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

6.5

CVE-2021-3541

  • EPSS 0.07%
  • Published 09.07.2021 17:15:07
  • Last modified 21.11.2024 06:21:48

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

7.8

CVE-2021-3516

Exploit
  • EPSS 0.36%
  • Published 01.06.2021 14:15:10
  • Last modified 21.11.2024 06:21:43

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availabi...