Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tomcat vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2021-40348
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, accordin...
Uyuni-project Uyuni 2021.08
Spacewalk Project Spacewalk 2.10
9.3
CVSSv2
CVE-2019-0232
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet i...
Apache Tomcat
Apache Tomcat 9.0.0
1 EDB exploit
8 Github repositories
9
CVSSv2
CVE-2021-39180
OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions before 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomc...
Frentix Openolat
9
CVSSv2
CVE-2020-5805
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.
Marvell Qconvergeconslole Gui
9
CVSSv2
CVE-2020-17388
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw e...
Marvell Qconvergeconsole
9
CVSSv2
CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM prior to 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.
Dimo-crm Yellowbox Crm
9
CVSSv2
CVE-2017-6712
A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote malicious user to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run ce...
Cisco Elastic Services Controller 2.3.0
Cisco Elastic Services Controller 2.0
Cisco Elastic Services Controller 1.0.0
Cisco Elastic Services Controller 2.1.0
Cisco Elastic Services Controller 1.1.0
Cisco Elastic Services Controller 2.2.0
9
CVSSv2
CVE-2017-6683
A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote malicious user to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vul...
Cisco Elastic Services Controller 2.2\\(9.76\\)
9
CVSSv2
CVE-2016-9091
Blue Coat Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.4 and Content Analysis System (CAS) 1.3 prior to 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges...
Bluecoat Advanced Secure Gateway
Bluecoat Content Analysis System Software
2 EDB exploits
1 Github repository
9
CVSSv2
CVE-2010-1929
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or...
Novell Imanager 2.7.3
Novell Imanager 2.7.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »