Vulnerabilities > Redhat > Jboss Enterprise Application Platform > High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-29	CVE-2019-0210	Out-of-bounds Read vulnerability in multiple products In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. network low complexity apache redhat oracle CWE-125	7.5
2019-10-29	CVE-2019-0205	Infinite Loop vulnerability in multiple products In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. network low complexity apache redhat oracle CWE-835	7.5
2019-09-26	CVE-2019-16869	HTTP Request Smuggling vulnerability in multiple products Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. network low complexity netty debian canonical redhat CWE-444	7.5
2019-08-20	CVE-2019-10086	Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. network low complexity apache debian opensuse fedoraproject redhat oracle CWE-502	7.3
2019-08-13	CVE-2019-9518	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee nodejs CWE-770	7.5
2019-08-13	CVE-2019-9517	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee netapp nodejs CWE-770	7.5
2019-08-13	CVE-2019-9515	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee f5 nodejs CWE-770	7.5
2019-08-13	CVE-2019-9514	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. network low complexity apple apache debian canonical synology fedoraproject opensuse redhat oracle mcafee netapp f5 nodejs CWE-770	7.5
2019-08-13	CVE-2019-9513	Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. network low complexity apple apache canonical debian fedoraproject synology opensuse redhat oracle mcafee f5 nodejs	7.5
2019-08-13	CVE-2019-9511	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee f5 nodejs CWE-770	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.