Apache Tomcat vulnerabilities and exploits

CVE-2019-9740 (CVSSv2 4.3) - Python
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query...

CVE-2019-9729 (CVSSv2 7.2) - Shanda MapleStory Online
In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because it does not validate the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow....

CVE-2019-0192 (CVSSv2 7.5) - Apache Solr; NetApp Storage Automation Store
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows configuring the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code...

CVE-2019-9213 (CVSSv2 4.9) - Linux kernel
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task....

CVE-2019-3921 (CVSSv2 6.5) - Nokia I-240W-Q GPON ONT Firmware
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via a crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially...

CVE-2019-6340 (CVSSv2 6.8) - Drupal
If you are using Drupal 8.6.x, upgrade to Drupal 8.6.10. If you are using Drupal 8.5.x or earlier, upgrade to Drupal 8.5.11. Be sure to install any available security updates for contributed projects after updating Drupal core. No core update is required for Drupal 7, but...

CVE-2014-8128 (CVSSv2 NA)
A remote attacker could entice a user to process a specially crafted image file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition....

CVE-2014-9390 (CVSSv2 NA) - Git client
A vulnerability in the Git client could allow an unauthenticated, remote attacker to overwrite files on a vulnerable system. The vulnerability is due to improper security protections when processing filenames that contain case-sensitive characters. An unauthenticated, remote...

CVE-2018-5732 (CVSSv2 NA)
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From SUSE_CVE-2018-5732: This CVE is addressed in the SUSE advisories SUSE-SU-2018:0810-1, SUSE-SU-2018:0810-2,...