Max CVSS 7.8 | Min CVSS 4.0 | Total Count 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2019-14379 7.5
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
22-04-2022 - 16:03 29-07-2019 - 12:15
CVE-2019-10174 6.5
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to in
20-02-2022 - 06:31 25-11-2019 - 11:15
CVE-2019-10212 4.3
A flaw was found in all versions of Undertow under 2.0.20, in the DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
20-02-2022 - 06:20 02-10-2019 - 19:15
CVE-2019-3888 5.0
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUE
20-02-2022 - 06:11 12-06-2019 - 14:29
CVE-2019-10184 5.0
Undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the API.
20-02-2022 - 06:11 25-07-2019 - 21:15
CVE-2019-10173 7.5
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshall
20-07-2021 - 23:15 23-07-2019 - 13:15
CVE-2019-9518 7.8
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONT
27-05-2021 - 16:21 13-08-2019 - 21:15
CVE-2019-9514 7.8
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the p
09-12-2020 - 00:15 13-08-2019 - 21:15
CVE-2019-9512 7.8
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this d
09-12-2020 - 00:15 13-08-2019 - 21:15
CVE-2019-9515 7.8
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS f
22-10-2020 - 17:22 13-08-2019 - 21:15
CVE-2019-3805 4.7
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss
16-10-2020 - 16:04 03-05-2019 - 20:29
CVE-2019-10184 5.0
Undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the API.
30-09-2020 - 18:09 25-07-2019 - 21:15
CVE-2018-14335 4.0
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
24-08-2020 - 17:37 24-07-2018 - 13:29