JBoss Core Services

5 CVEs product

Monthly

CVE-2026-0992 LOW Monitor

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. [CVSS 2.9 LOW]

Denial Of Service Aix Enterprise Linux Jboss Core Services Libxml2 +3
NVD VulDB
CVSS 3.1: 2.9
EPSS: 0.0%

CVE-2026-0990 MEDIUM PATCH This Month

libxml2's xmlCatalogXMLResolveURI function is vulnerable to uncontrolled recursion when processing self-referencing delegate URI entries in XML catalogs, allowing remote attackers to trigger stack exhaustion and crash applications. This configuration-dependent denial of service requires specially crafted XML input but no authentication, affecting any application using the vulnerable library to parse untrusted catalogs. No patch is currently available.

Denial Of Service Aix Enterprise Linux Jboss Core Services Libxml2 +3
NVD VulDB
CVSS 3.1: 5.9
EPSS: 0.1%

CVE-2026-0989 LOW Monitor

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. [CVSS 3.7 LOW]

Denial Of Service Aix Enterprise Linux Jboss Core Services Libxml2 +3
NVD VulDB
CVSS 3.1: 3.7
EPSS: 0.0%

CVE-2025-6170 LOW POC PATCH Monitor

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files.

Buffer Overflow Stack Overflow Enterprise Linux Jboss Core Services Libxml2 +1
NVD GitHub VulDB
CVSS 3.1: 2.5
EPSS: 0.0%

CVE-2025-6021 HIGH POC PATCH CISA Act Now

Stack-based buffer overflow in libxml2's xmlBuildQName function allows remote unauthenticated attackers to crash affected systems via crafted XML input. The vulnerability affects libxml2 directly and downstream Red Hat products including OpenShift Container Platform 4.12-4.19, RHEL 7-10, and JBoss Core Services. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N), EPSS 0.75% (73rd percentile), and publicly available exploit code, this represents a moderate real-world risk focused on availability disruption rather than code execution or data compromise.

Buffer Overflow Denial Of Service Integer Overflow Enterprise Linux Enterprise Linux Eus +18
NVD
CVSS 3.1: 7.5
EPSS: 0.8%
Threat: 5.0
