| Max CVSS | 5.0 | Min CVSS | 1.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-1559 | 4.3 |
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid
|
19-08-2022 - 11:14 | 27-02-2019 - 23:29 | |
| CVE-2019-0221 | 4.3 |
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debu
|
13-07-2021 - 17:15 | 28-05-2019 - 22:29 | |
| CVE-2019-10072 | 5.0 |
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) cl
|
14-06-2021 - 18:15 | 21-06-2019 - 18:15 | |
| CVE-2018-5407 | 1.9 |
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
|
18-09-2020 - 16:58 | 15-11-2018 - 21:29 | |
| CVE-2019-0199 | 5.0 |
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping str
|
28-05-2019 - 21:29 | 10-04-2019 - 15:29 |