| Max CVSS | 7.8 | Min CVSS | 1.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-0210 | 5.0 |
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.
|
29-10-2022 - 02:33 | 29-10-2019 - 19:15 | |
| CVE-2019-10086 | 7.5 |
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa
|
25-07-2022 - 18:15 | 20-08-2019 - 21:15 | |
| CVE-2019-0205 | 7.8 |
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it
|
18-04-2022 - 15:45 | 29-10-2019 - 19:15 | |
| CVE-2019-12400 | 1.9 |
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with t
|
13-04-2022 - 14:49 | 23-08-2019 - 21:15 | |
| CVE-2019-14887 | 6.4 |
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version
|
02-11-2021 - 18:10 | 16-03-2020 - 15:15 | |
| CVE-2019-20444 | 6.4 |
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
|
14-09-2021 - 12:45 | 29-01-2020 - 21:15 | |
| CVE-2019-20445 | 6.4 |
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
|
14-09-2021 - 12:45 | 29-01-2020 - 21:15 | |
| CVE-2020-7238 | 5.0 |
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869
|
27-05-2021 - 16:21 | 27-01-2020 - 17:15 | |
| CVE-2019-20444 | 6.4 |
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
|
25-09-2020 - 20:15 | 29-01-2020 - 21:15 | |
| CVE-2020-7238 | 5.0 |
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869
|
25-09-2020 - 20:15 | 27-01-2020 - 17:15 | |
| CVE-2019-20445 | 6.4 |
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
|
25-09-2020 - 20:15 | 29-01-2020 - 21:15 |