Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Core Services
Subscriptions
Total
306 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-20838 | 4 Apple, Pcre, Redhat and 1 more | 5 Macos, Pcre, Enterprise Linux and 2 more | 2024-08-05 | 7.5 High |
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. | ||||
CVE-2019-20388 | 7 Debian, Fedoraproject, Netapp and 4 more | 34 Debian Linux, Fedora, Cloud Backup and 31 more | 2024-08-05 | 7.5 High |
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | ||||
CVE-2019-19956 | 8 Canonical, Debian, Fedoraproject and 5 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-08-05 | 7.5 High |
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. | ||||
CVE-2019-17567 | 4 Apache, Fedoraproject, Oracle and 1 more | 6 Http Server, Fedora, Enterprise Manager Ops Center and 3 more | 2024-08-05 | 5.3 Medium |
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. | ||||
CVE-2019-15903 | 3 Libexpat Project, Python, Redhat | 5 Libexpat, Python, Enterprise Linux and 2 more | 2024-08-05 | 7.5 High |
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. | ||||
CVE-2019-10097 | 3 Apache, Oracle, Redhat | 11 Http Server, Communications Element Manager, Communications Session Report Manager and 8 more | 2024-08-04 | 7.2 High |
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. | ||||
CVE-2019-10098 | 2 Apache, Redhat | 4 Http Server, Enterprise Linux, Jboss Core Services and 1 more | 2024-08-04 | 6.1 Medium |
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. | ||||
CVE-2019-10092 | 8 Apache, Canonical, Debian and 5 more | 13 Http Server, Ubuntu Linux, Debian Linux and 10 more | 2024-08-04 | 6.1 Medium |
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. | ||||
CVE-2019-10082 | 3 Apache, Oracle, Redhat | 8 Http Server, Communications Element Manager, Enterprise Manager Ops Center and 5 more | 2024-08-04 | 9.1 Critical |
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. | ||||
CVE-2019-10081 | 3 Apache, Debian, Redhat | 4 Http Server, Debian Linux, Enterprise Linux and 1 more | 2024-08-04 | N/A |
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. | ||||
CVE-2019-9513 | 12 Apache, Apple, Canonical and 9 more | 25 Traffic Server, Mac Os X, Swiftnio and 22 more | 2024-08-04 | 7.5 High |
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. | ||||
CVE-2019-9517 | 12 Apache, Apple, Canonical and 9 more | 28 Http Server, Traffic Server, Mac Os X and 25 more | 2024-08-04 | 7.5 High |
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. | ||||
CVE-2019-9514 | 13 Apache, Apple, Canonical and 10 more | 44 Traffic Server, Mac Os X, Swiftnio and 41 more | 2024-08-04 | 7.5 High |
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. | ||||
CVE-2019-9518 | 11 Apache, Apple, Canonical and 8 more | 26 Traffic Server, Mac Os X, Swiftnio and 23 more | 2024-08-04 | 7.5 High |
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. | ||||
CVE-2019-9515 | 12 Apache, Apple, Canonical and 9 more | 36 Traffic Server, Mac Os X, Swiftnio and 33 more | 2024-08-04 | 7.5 High |
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | ||||
CVE-2019-9516 | 12 Apache, Apple, Canonical and 9 more | 24 Traffic Server, Mac Os X, Swiftnio and 21 more | 2024-08-04 | 6.5 Medium |
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. | ||||
CVE-2019-9511 | 12 Apache, Apple, Canonical and 9 more | 29 Traffic Server, Mac Os X, Swiftnio and 26 more | 2024-08-04 | 7.5 High |
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | ||||
CVE-2019-5482 | 7 Debian, Fedoraproject, Haxx and 4 more | 24 Debian Linux, Fedora, Curl and 21 more | 2024-08-04 | 9.8 Critical |
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | ||||
CVE-2019-5481 | 7 Debian, Fedoraproject, Haxx and 4 more | 15 Debian Linux, Fedora, Curl and 12 more | 2024-08-04 | 9.8 Critical |
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | ||||
CVE-2019-5435 | 2 Haxx, Redhat | 2 Curl, Jboss Core Services | 2024-08-04 | N/A |
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. |