PT-2024-2835 · Atlassian · Confluence

Name of the Vulnerable Software and Affected Versions: Confluence Data Center versions 7.3.0 through 8.5.7 Description: The issue exists due to the failure to neutralize special elements used in operating system commands. Exploitation of this issue may allow a remote attacker to impact the...

VMware Carbon Black App Control 授权问题漏洞

Vmware VMware Carbon Black App Control is an application control product from Vmware USA. It is used to lock down servers and critical systems to prevent unwanted changes. An authorization issue vulnerability exists in VMware Carbon Black App Control 8.0, 8.1, 8.5 before 8.5.8, and 8.6 before...

CVE-2020-14179

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and...

Information disclosure

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and...

CVE-2020-14178

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 befo...

CVE-2017-4924

CVE-2017-4924 is a VMware SVGA out-of-bounds write vulnerability that can allow a guest VM to execute code on the host. Affected products and versions (per provided docs): ESXi 6.5 prior to patch ESXi650-201707101-SG; VMware Workstation 12.x prior to 12.5.7; VMware Fusion 8.x prior to 8.5.8. The ...

Fixed in Apache Tomcat 8.5.8

Note: The issues below were fixed in Apache Tomcat 8.5.7 but the release vote for the 8.5.7 release candidate did not pass. Therefore, although users must download 8.5.8 to obtain a version that includes fixes for these issues, version 8.5.7 is not included in the list of affected versions...

Hancom Office '.hml' file heap-based buffer overflow

There is a vulnerability in Hancom Office 2010 SE, which can be exploited by malicious people to compromise a user's system. '.hml' is a type of XML document files which is defined by Hancom. Contructing a long TEXTART tag will cause a heap-based buffer overflow. Such as: TEXTART...