|
222721
|
7.5 |
HIGH
Network
|
facebook
|
thrift
|
Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messa…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-3565
|
2024-11-21 13:42 |
2019-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222722
|
7.5 |
HIGH
Network
|
facebook
|
thrift
|
Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-3564
|
2024-11-21 13:42 |
2019-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222723
|
7.5 |
HIGH
Network
|
facebook
|
thrift
|
Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time f…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-3559
|
2024-11-21 13:42 |
2019-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222724
|
7.5 |
HIGH
Network
|
facebook
|
thrift
|
Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-3558
|
2024-11-21 13:42 |
2019-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222725
|
7.5 |
HIGH
Network
|
facebook
|
thrift
|
C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-3552
|
2024-11-21 13:42 |
2019-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222726
|
8.8 |
HIGH
Network
|
redhat
|
wildfly
jboss_enterprise_application_platform
|
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if …
|
NVD-CWE-noinfo
|
CVE-2019-3894
|
2024-11-21 13:42 |
2019-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222727
|
4.7 |
MEDIUM
Local
|
redhat
|
jboss_enterprise_application_platform
wildfly
|
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could explo…
|
CWE-269
Improper Privilege Management
|
CVE-2019-3805
|
2024-11-21 13:42 |
2019-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222728
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira_server
|
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerabil…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3400
|
2024-11-21 13:42 |
2019-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222729
|
6.1 |
MEDIUM
Network
|
microfocus
|
open_enterprise_server
|
A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the v…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3490
|
2024-11-21 13:42 |
2019-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222730
|
9.8 |
CRITICAL
Network
|
crestron
|
am-100_firmware
am-101_firmware
|
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-3939
|
2024-11-21 13:42 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
