Vulnerabilities > Apache > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-13 | CVE-2019-9513 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. | 7.5 |
| 2019-08-13 | CVE-2019-9512 | Resource Exhaustion vulnerability in multiple products. Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. (network, low complexity; apple apache debian nodejs; CWE-400) | 7.5 |
| 2019-08-13 | CVE-2019-9511 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. | 7.5 |
| 2019-08-07 | CVE-2019-10099 | Cleartext Storage of Sensitive Information vulnerability in Apache Spark. Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. (network, low complexity; apache; CWE-312) | 7.5 |
| 2019-08-02 | CVE-2019-10094 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tika. A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. (local, low complexity; apache; CWE-770) | 7.8 |
| 2019-08-02 | CVE-2019-10088 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tika. A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. (network, low complexity; apache; CWE-770) | 8.8 |
| 2019-08-01 | CVE-2019-0193 | Code Injection vulnerability in multiple products. In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. (network, low complexity; apache debian; CWE-94) | 7.2 |
| 2019-07-30 | CVE-2019-14439 | Deserialization of Untrusted Data vulnerability in multiple products. A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. | 7.5 |
| 2019-07-29 | CVE-2018-11774 | SQL Injection vulnerability in Apache Virtual Computing LAB. Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. (network, low complexity; apache; CWE-89) | 7.2 |
| 2019-07-29 | CVE-2018-11772 | SQL Injection vulnerability in Apache Virtual Computing LAB. Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. (network, low complexity; apache; CWE-89) | 7.2 |