Lucene search

K

16 matches found

CVE
CVE
added 2019/08/13 9:15 p.m.5670 views

CVE-2019-9513

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

7.8CVSS7.7AI score0.04471EPSS
CVE
CVE
added 2019/08/13 9:15 p.m.5211 views

CVE-2019-9517

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the byt...

7.8CVSS7.7AI score0.04564EPSS
CVE
CVE
added 2019/08/13 9:15 p.m.3714 views

CVE-2019-9511

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to...

7.8CVSS6.8AI score0.14268EPSS
CVE
CVE
added 2019/08/13 9:15 p.m.2964 views

CVE-2019-9516

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for ...

7.5CVSS7.3AI score0.02271EPSS
CVE
CVE
added 2019/08/13 9:15 p.m.739 views

CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STR...

7.8CVSS7.9AI score0.10058EPSS
CVE
CVE
added 2019/08/13 9:15 p.m.509 views

CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends tim...

7.8CVSS7.7AI score0.03674EPSS
CVE
CVE
added 2019/08/13 9:15 p.m.477 views

CVE-2019-9515

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalen...

7.8CVSS7.7AI score0.04513EPSS
CVE
CVE
added 2019/11/26 6:15 p.m.397 views

CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

8.1CVSS8.2AI score0.01877EPSS
CVE
CVE
added 2019/12/13 1:15 a.m.339 views

CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of p...

7.7CVSS6.8AI score0.00287EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.281 views

CVE-2019-2989

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

6.8CVSS6.4AI score0.01239EPSS
CVE
CVE
added 2019/12/13 1:15 a.m.236 views

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publ...

7.7CVSS7AI score0.003EPSS
CVE
CVE
added 2019/11/08 3:15 p.m.230 views

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

6.5CVSS6AI score0.01915EPSS
CVE
CVE
added 2019/12/13 1:15 a.m.202 views

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gai...

8.1CVSS7.4AI score0.00403EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.80 views

CVE-2019-2813

Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: GraalVM). The supported version that is affected is 19.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enter...

7.7CVSS7.3AI score0.0037EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.48 views

CVE-2019-2862

Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: Java). The supported version that is affected is 19.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enter...

6.8CVSS6.5AI score0.00879EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.45 views

CVE-2019-2986

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM E...

7.7CVSS7.3AI score0.0037EPSS