Redhat Jboss Core Services — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Jboss Core Services, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-2017-3167 — CVSS 9.8 (critical): In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the…
CVE-2018-1312 — CVSS 9.8 (critical): In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not…
CVE-2017-9788 — CVSS 9.1 (critical): In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not…
CVE-2021-3518 — CVSS 8.8 (high): There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application…
CVE-2021-3517 — CVSS 8.6 (high): There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted…
CVE-2016-5387 — CVSS 8.1 (high): The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of…
CVE-2021-3516 — CVSS 7.8 (high): There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint…
CVE-2018-11759 — CVSS 7.5 (high): The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK…
CVE-2018-1333 — CVSS 7.5 (high): By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a…
CVE-2016-3627 — CVSS 7.5 (high): The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to…
CVE-2025-6021 — CVSS 7.5 (high): A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer…
CVE-2019-9511 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a…
CVE-2019-9513 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple…
CVE-2019-9514 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of…
CVE-2019-9515 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of…
CVE-2016-8743 — CVSS 7.5 (high): Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response…
CVE-2019-9517 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The…
CVE-2019-9518 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a…
CVE-2020-25709 — CVSS 7.5 (high): A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to…
CVE-2020-25710 — CVSS 7.5 (high): A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to…
CVE-2017-12613 — CVSS 7.1 (high): When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and…
CVE-2026-6732 — CVSS 6.5 (medium): A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated…
CVE-2016-9596 — CVSS 6.5 (medium): libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service…
CVE-2016-9598 — CVSS 6.5 (medium): libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and…
CVE-2019-9516 — CVSS 6.5 (medium): Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of…
CVE-2021-3541 — CVSS 6.5 (medium): A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to…
CVE-2026-0990 — CVSS 5.9 (medium): A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI…
CVE-2021-3537 — CVSS 5.9 (medium): A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing…
CVE-2018-17189 — CVSS 5.3 (medium): In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that…
CVE-2019-0197 — CVSS 4.2 (medium): A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2…
CVE-2026-0989 — CVSS 3.7 (low): A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a…
CVE-2026-0992 — CVSS 2.9 (low): A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that…
CVE-2025-6170 — CVSS 2.5 (low): A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long…