262 matches found

CNVD
added 2020/05/15 12:0 a.m., 1 view

Apache Camel Input Validation Error Vulnerability

Apache Camel is an open source integration framework from the Apache Software Foundation (United States), based on Enterprise Integration Patterns (EIP). The framework provides a Java object (POJO) implementation of the Enterprise Integration Patterns, an...

CVSS 7.5, AI score 8.3, EPSS 0.09702
Exploits: 0, References: 1

RedHat Linux
added 2020/04/21 11:7 a.m., 2 views

tomcat: local privilege escalation

A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user...

CVSS 7, AI score 7.1, EPSS 0.00481
Exploits: 0, References: 8

CNVD
added 2020/02/24 12:0 a.m., 0 views

vRealize Operations for Horizon Adapter Remote Code Execution Vulnerability

VMware vRealize Operations is operations management software that spans physical, virtual, and cloud environments and supports network environments based on vSphere, Hyper-V, or Amazon Web Services. A security vulnerability exists in vRealize Operations for Horizon Adapter versions 6.7.x prior to...

CVSS 9.8, AI score 7.5, EPSS 0.01728
Exploits: 0, References: 1

OSV
added 2020/01/27 7:15 p.m., 3 views

CVE-2019-11288

In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker...

CVSS 7, AI score 7.1, EPSS 0.00093
Exploits: 0, References: 1

Tenable Nessus
added 2020/01/27 12:0 a.m., 19 views

Apache Solr 8.1.1 < 8.3.0 Remote Code Execution

CVE-2019-12409 is a flaw in the default configuration of the solr.in.sh file in Apache Solr. If this file is used in its default configuration in versions 8.1.1 and 8.2.0, unauthenticated access to the Java Management Extensions (JMX) monitoring on the RMI_PORT (default 18983) is allowed. Anyone with...

CVSS 9.8, AI score 9.6, EPSS 0.8277
Exploits: 4, References: 3

OSV
added 2019/12/23 6:15 p.m., 1 view

DEBIAN-CVE-2019-12418

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...

CVSS 7, AI score 7.5, EPSS 0.00481
Exploits: 0, References: 1

RedHat Linux
added 2019/08/08 10:8 a.m., 2 views

solr: remote code execution due to unsafe deserialization

A flaw was found in Apache Solr's Config API, where it would permit the configuration of the JMX server via an HTTP POST request. An attacker could use this flaw to direct traffic to a malicious RMI server, and then trigger remote code execution or conduct further attacks...

CVSS 9.8, AI score 8, EPSS 0.93545
Exploits: 1, References: 4

OSV
added 2019/03/07 9:29 p.m., 1 view

UBUNTU-CVE-2019-0192

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side...

CVSS 9.8, AI score 7.9, EPSS 0.93545
Exploits: 1, References: 3

OSV
added 2018/09/28 6:29 p.m., 1 view

CVE-2018-15764

Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM...

CVSS 9.8, AI score 6.5
Exploits: 0, References: 3

NVD
added 2018/06/26 5:29 p.m., 13 views

CVE-2018-6667

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)...

CVSS 10, AI score 9.9, EPSS 0.01674
Exploits: 0, References: 3

OSV
added 2018/06/26 5:29 p.m., 1 view

CVE-2018-6667

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)...

CVSS 9.8, AI score 6.1, EPSS 0.01674
Exploits: 0, References: 3

Cvelist
added 2018/06/26 5:0 p.m., 14 views

CVE-2018-6667 McAfee Web Gateway - Authentication Bypass vulnerability

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)...

CVSS 10, AI score 9.8, EPSS 0.01674
Exploits: 0, References: 3

RedHat Linux
added 2018/06/25 2:57 p.m., 1 view

OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS 5.3, AI score 7.3, EPSS 0.00179
Exploits: 0, References: 4

CNVD
added 2018/06/15 12:0 a.m., 2 views

McAfee Web Gateway Authentication Bypass Vulnerability

McAfee Web Gateway (MWG) is a security gateway product from McAfee (USA). The product provides threat protection, application control, and data loss prevention. An authentication bypass vulnerability exists in the management user interface in McAfee MWG. A remote attacker could exploit this...

CVSS 10, AI score 9.7, EPSS 0.01674
Exploits: 0, References: 1

RedHat Linux
added 2018/05/24 7:1 p.m., 3 views

OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS 5.3, AI score 7.3, EPSS 0.00179
Exploits: 0, References: 4

RedHat Linux
added 2018/05/02 10:13 p.m., 3 views

OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS 5.3, AI score 7.3, EPSS 0.00179
Exploits: 0, References: 4

RedHat Linux
added 2018/04/23 10:56 p.m., 3 views

OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS 5.3, AI score 7.3, EPSS 0.00179
Exploits: 0, References: 4

RedHat Linux
added 2018/04/23 10:53 p.m., 2 views

OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS 5.3, AI score 7.3, EPSS 0.00179
Exploits: 0, References: 4

Tenable Nessus
added 2018/04/03 12:0 a.m., 48 views

Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3613-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3613-1 advisory. It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive...

CVSS 8.3, AI score 7.1, EPSS 0.0052
Exploits: 0, References: 16

Ubuntu
added 2018/04/02 7:15 p.m., 218 views

USN-3613-1: OpenJDK 8 vulnerabilities

It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. (CVE-2018-2579) It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM...

CVSS 8.3, AI score 7.2, EPSS 0.0052
Exploits: 0