Redhat

Jboss Core Services

41 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-10306

  • EPSS 0.08%
  • Veröffentlicht 23.04.2025 09:59:49
  • Zuletzt bearbeitet 01.07.2025 03:15:20

A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone...

7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.36%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 07.11.2025 19:00:41

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

9

CVE-2021-40438

Warnung
  • EPSS 94.43%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 27.10.2025 17:37:06

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

6.5

CVE-2021-3541

  • EPSS 0.06%
  • Veröffentlicht 09.07.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:48

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

7.8

CVE-2021-3516

Exploit
  • EPSS 0.36%
  • Veröffentlicht 01.06.2021 14:15:10
  • Zuletzt bearbeitet 21.11.2024 06:21:43

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availabi...

7.5

CVE-2020-25710

  • EPSS 17.46%
  • Veröffentlicht 28.05.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 05:18:32

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availabil...

8.6

CVE-2021-3517

  • EPSS 0.1%
  • Veröffentlicht 19.05.2021 14:15:07
  • Zuletzt bearbeitet 02.12.2025 22:16:07

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-o...

8.8

CVE-2021-3518

  • EPSS 0.23%
  • Veröffentlicht 18.05.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:44

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, inte...

7.5

CVE-2020-25709

  • EPSS 37.4%
  • Veröffentlicht 18.05.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 05:18:32

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

5.9

CVE-2021-3537

  • EPSS 0.11%
  • Veröffentlicht 14.05.2021 20:15:16
  • Zuletzt bearbeitet 21.11.2024 06:21:47

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could...