This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information...
7.4CVSS
7.2AI Score
0.0004EPSS
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...
8.8CVSS
8.8AI Score
0.511EPSS
Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local...
6CVSS
6.5AI Score
0.0004EPSS
A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this...
7.5CVSS
7AI Score
0.0004EPSS
A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF...
7.5CVSS
7.4AI Score
0.0004EPSS
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact.....
8.3CVSS
8.1AI Score
0.0004EPSS
This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...
7.2CVSS
6.8AI Score
0.0004EPSS
This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...
8.5CVSS
7.9AI Score
0.0004EPSS
A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code...
9.6CVSS
8.7AI Score
0.002EPSS
This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated...
8.8CVSS
8.3AI Score
0.001EPSS
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated...
8.8CVSS
8.8AI Score
0.002EPSS
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated...
7.5CVSS
8AI Score
0.002EPSS
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server...
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality,...
8.8CVSS
8.1AI Score
0.002EPSS
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the...
7.2CVSS
7.1AI Score
0.001EPSS
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on....
8.2CVSS
6.5AI Score
0.0004EPSS
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a...
8.8CVSS
6.3AI Score
0.001EPSS
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of...
7.8CVSS
7.6AI Score
0.0004EPSS
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a.....
6.7CVSS
6.3AI Score
0.0004EPSS
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database...
4.3CVSS
5.2AI Score
0.001EPSS
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server...
6.7CVSS
6.3AI Score
0.0004EPSS
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's...
7.8CVSS
7.6AI Score
0.0004EPSS
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery...
8.8CVSS
9.3AI Score
0.001EPSS
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence...
8.8CVSS
9.3AI Score
0.001EPSS
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.0, allows an authenticated attacker to execute arbitrary code which has high impact to...
8.8CVSS
8AI Score
0.001EPSS
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary...
8.8CVSS
8.5AI Score
0.001EPSS
Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network...
10CVSS
9.5AI Score
0.001EPSS
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then...
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access...
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to...
8.8CVSS
8AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...
6.1CVSS
6.2AI Score
0.001EPSS
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local...
7.3CVSS
8.3AI Score
0.0004EPSS
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local...
6.7CVSS
7.9AI Score
0.0004EPSS
This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. By reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted...
8.8CVSS
8.5AI Score
0.001EPSS
This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker...
8.8CVSS
8.7AI Score
0.005EPSS
This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to modify the actions...
8.8CVSS
8.3AI Score
0.001EPSS
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has...
8.8CVSS
9AI Score
0.001EPSS
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high....
8.8CVSS
8.5AI Score
0.001EPSS
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually...
7.2CVSS
7.5AI Score
0.001EPSS
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install...
7.2CVSS
7.5AI Score
0.001EPSS
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the.....
8.8CVSS
8.6AI Score
0.001EPSS
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the.....
8.8CVSS
8.6AI Score
0.001EPSS
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious...
6.1CVSS
5.9AI Score
0.001EPSS
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments...
6.5CVSS
4.7AI Score
0.001EPSS
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local...
8.2CVSS
7.6AI Score
0.0004EPSS
Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network...
8.8CVSS
8.9AI Score
0.001EPSS
Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.6AI Score
0.0004EPSS
Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS