Apache Tomcat vulnerabilities and exploits

CVSSv2: 7.2
CVE-2019-12476

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence...

Zohocorp, Manageengine Adselfservice Plus

NA
CVE-2019-8526

Apple macOS could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the Security component. By using a specially-crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system....

CVSSv2: 4.9
CVE-2018-6982

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest....

Vmware, Fusion, Workstation, Esxi

CVSSv2: 3.6
CVE-2018-6622

An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware...

Trustedcomputinggroup, Trusted Platform Module

CVSSv2: 7.2
CVE-2015-4027

The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan....

Acunetix, Web Vulnerability Scanner

CVSSv2: 6.8
CVE-2018-20250

In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating...

Rarlab, Winrar

CVSSv2: 6.8
CVE-2019-9810

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1....

Mozilla, Firefox, Firefox Esr, Thunderbird

CVSSv2: 5
CVE-2019-12086

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the...

Fasterxml, Jackson-databind, Debian, Debian Linux

CVSSv2: 5
CVE-2019-7690

In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a...

Mobatek, Mobaxterm

CVSSv2: 6.8
CVE-2019-6340

If you are using Drupal 8.6.x, upgrade to Drupal 8.6.10. If you are using Drupal 8.5.x or earlier, upgrade to Drupal 8.5.11. Be sure to install any available security updates for contributed projects after updating Drupal core. No core update is required for Drupal 7, but...

Drupal