apache tomcat vulnerabilities and exploits

6.8
CVSSv2
CVE-2018-4267

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6....

5
CVSSv2
CVE-2019-5418

There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents. The impact is limited to calls to...

RedhatCloudformsRubyonrailsRailsDebianDebian Linux
NA
CVE-2019-5786

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in FileReader. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system....

10
CVSSv2
CVE-2018-19276

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body....

Openmrs
7.2
CVSSv2
CVE-2019-9729

In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow....

ShandaMaplestory Online
4.9
CVSSv2
CVE-2019-9213

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task....

DebianDebian LinuxLinuxLinux Kernel
6.5
CVSSv2
CVE-2019-3921

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially...

NokiaI-240w-q Gpon Ont Firmware
NA
CVE-2014-9390

A vulnerability in the Git client could allow an unauthenticated, remote attacker to overwrite files on a vulnerable system. The vulnerability is due to improper security protections when processing filenames that contain case-sensitive characters. An unauthenticated, remote...

NA
CVE-2018-5732

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From SUSE_CVE-2018-5732: This CVE is addressed in the SUSE advisories SUSE-SU-2018:0810-1, SUSE-SU-2018:0810-2,...

NA
CVE-2014-8128

A remote attacker could entice a user to process a specially crafted image file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition....