Jboss Core Services Security Vulnerabilities and Issues — Jboss Core Services CVE List

Lucene search

RedhatJboss Core Services

8 matches found

CVE•added 2021/09/16 3:15 p.m.•4451 views

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

9CVSS9.5AI score0.94443EPSS

CVE•added 2021/05/14 8:15 p.m.•543 views

CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest th...

5.9CVSS7AI score0.00127EPSS

CVE•added 2021/05/19 2:15 p.m.•497 views

CVE-2021-3517

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this fla...

8.6CVSS8.4AI score0.00077EPSS

CVE•added 2021/07/09 5:15 p.m.•408 views

CVE-2021-3541

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

6.5CVSS7AI score0.00065EPSS

CVE•added 2021/05/18 12:15 p.m.•403 views

CVE-2021-3518

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

8.8CVSS8.4AI score0.00188EPSS

CVE•added 2021/06/01 2:15 p.m.•335 views

CVE-2021-3516

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

7.8CVSS7.9AI score0.00362EPSS

CVE•added 2021/05/28 11:15 a.m.•302 views

CVE-2020-25710

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

7.5CVSS7.2AI score0.02005EPSS

CVE•added 2021/05/18 12:15 p.m.•293 views

CVE-2020-25709

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

7.5CVSS7.2AI score0.0372EPSS