Jboss Core Services

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-13	CVE-2019-9516	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. network low complexity apple apache canonical debian fedoraproject synology opensuse redhat oracle mcafee f5 nodejs CWE-770	6.5
2019-08-13	CVE-2019-9515	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee f5 nodejs CWE-770	7.5
2019-08-13	CVE-2019-9514	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. network low complexity apple apache debian canonical synology fedoraproject opensuse redhat oracle mcafee netapp f5 nodejs CWE-770	7.5
2019-08-13	CVE-2019-9513	Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. network low complexity apple apache canonical debian fedoraproject synology opensuse redhat oracle mcafee f5 nodejs	7.5
2019-08-13	CVE-2019-9511	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee f5 nodejs CWE-770	7.5
2019-06-11	CVE-2019-0197	HTTP Request Smuggling vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. network high complexity apache canonical fedoraproject opensuse redhat oracle CWE-444	4.2
2019-04-08	CVE-2019-0211	Use After Free vulnerability in multiple products In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. local low complexity apache fedoraproject canonical debian opensuse netapp redhat oracle CWE-416	7.8
2019-01-30	CVE-2018-17189	Resource Exhaustion vulnerability in multiple products In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. network low complexity apache netapp fedoraproject debian oracle canonical redhat CWE-400	5.3
2018-10-31	CVE-2018-11759	Path Traversal vulnerability in multiple products The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. network low complexity apache debian redhat CWE-22	7.5
2018-08-16	CVE-2016-9598	Out-of-bounds Read vulnerability in multiple products libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. network redhat xmlsoft CWE-125	4.3