tomcat vulnerabilities and exploits

NA
CVE-2019-11581

Atlassian JIRA Server and Data Center could allow a remote attacker to execute arbitrary code on the system, caused by a server-side template injection vulnerability in various resources. If an SMTP server has been configured in Jira and the Contact Administrators Form is...

7.5
CVSSv2
CVE-2018-11307

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6....

10
CVSSv2
CVE-2019-1620

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software....

5
CVSSv2
CVE-2019-1621

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM...

5
CVSSv2
CVE-2019-1622

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on...

7.5
CVSSv2
CVE-2019-1619

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due...

7.5
CVSSv2
CVE-2019-10104

In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all...

4.3
CVSSv2
CVE-2019-5786

Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page....

GoogleChrome
4.3
CVSSv2
CVE-2018-6177

Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page....

GoogleChrome
4.3
CVSSv2
CVE-2018-6128

Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page....

GoogleChrome