Apache Tomcat vulnerabilities and exploits

NA
CVE-2018-5735

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From USN-3574-1: It was discovered that Bind incorrectly handled DNSSEC validation. An attacker could possibly use this...

10
CVSSv2
CVE-2016-2554

Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive....

10
CVSSv2
CVE-2016-0705

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA...

10
CVSSv2
CVE-2015-8880

Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error....

10
CVSSv2
CVE-2015-8617

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling....

Php
NA
CVE-2015-7851

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From SUSE_CVE-2015-7851: This CVE is addressed in the SUSE advisories SUSE-SU-2015:2058-1, SUSE-SU-2016:1247-1,...

10
CVSSv2
CVE-2015-4760

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D....

10
CVSSv2
CVE-2014-6549

Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries....

10
CVSSv2
CVE-2014-6513

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT....

NA
CVE-2014-3622

Oracle Solaris 11.2.12.5.0 Support Repository Update (Oracle Solaris 11.2 SRU 12.5.0)...