| Max CVSS | 7.8 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-9514 | 7.8 |
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the p
|
19-10-2023 - 03:15 | 13-08-2019 - 21:15 | |
| CVE-2019-14379 | 7.5 |
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
|
13-09-2023 - 14:53 | 29-07-2019 - 12:15 | |
| CVE-2019-10173 | 7.5 |
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshall
|
05-10-2022 - 20:38 | 23-07-2019 - 13:15 | |
| CVE-2019-9512 | 7.8 |
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this d
|
12-08-2022 - 18:41 | 13-08-2019 - 21:15 | |
| CVE-2019-9518 | 7.8 |
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONT
|
12-08-2022 - 18:40 | 13-08-2019 - 21:15 | |
| CVE-2019-9515 | 7.8 |
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS f
|
12-08-2022 - 18:40 | 13-08-2019 - 21:15 | |
| CVE-2019-10174 | 6.5 |
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to in
|
20-02-2022 - 06:31 | 25-11-2019 - 11:15 | |
| CVE-2019-10212 | 4.3 |
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
|
20-02-2022 - 06:20 | 02-10-2019 - 19:15 | |
| CVE-2019-3888 | 5.0 |
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUE
|
20-02-2022 - 06:11 | 12-06-2019 - 14:29 | |
| CVE-2019-10184 | 5.0 |
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
|
20-02-2022 - 06:11 | 25-07-2019 - 21:15 | |
| CVE-2019-3805 | 4.7 |
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss
|
16-10-2020 - 16:04 | 03-05-2019 - 20:29 | |
| CVE-2019-10184 | 5.0 |
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
|
30-09-2020 - 18:09 | 25-07-2019 - 21:15 | |
| CVE-2018-14335 | 4.0 |
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
|
24-08-2020 - 17:37 | 24-07-2018 - 13:29 |