apache tomcat vulnerabilities and exploits

NA
CVE-2019-7304

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1....

9.3
CVSSv2
CVE-2019-0232

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet...

ApacheTomcat
5
CVSSv2
CVE-2019-0199

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that...

ApacheTomcat
7.2
CVSSv2
CVE-2019-0797

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808....

7.2
CVSSv2
CVE-2019-0808

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797....

MicrosoftWindows 7Windows Server 2008
NA
CVE-2019-0227

Apache Axis could allow a remote attacker to execute arbitrary code on the system. caused by a flaw in the default StockQuoteService.jws service. By using a man-in-the-middle attack to force an HTTP request, an attacker could exploit this vulnerability to execute arbitrary code...

7.2
CVSSv2
CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent...

ApacheHttp ServerCanonicalUbuntu LinuxDebianDebian LinuxFedoraprojectFedoraOpensuseLeap
4.3
CVSSv2
CVE-2018-4270

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6....

4.3
CVSSv2
CVE-2018-4273

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6....

4.3
CVSSv2
CVE-2018-4271

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6....