147 matches found

Tenable Nessus
added 2021/07/02 12:0 a.m., 47 views

Atlassian Jira < 8.5.11 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.11, 8.6.x < 8.13.3 or 8.14.x < 8.15.0. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability in the...

CVSS 6.1, AI score 5.5, EPSS 0.23086
Exploits: 0, References: 8
Tenable Nessus
added 2021/07/02 12:0 a.m., 41 views

Atlassian Jira 8.14.x < 8.15.0 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.11, 8.6.x < 8.13.3 or 8.14.x < 8.15.0. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability in the...

CVSS 6.1, AI score 5.5, EPSS 0.23086
Exploits: 0, References: 8
Tenable Nessus
added 2021/07/02 12:0 a.m., 48 views

Atlassian Jira 8.6.x < 8.13.3 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.11, 8.6.x < 8.13.3 or 8.14.x < 8.15.0. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability in the...

CVSS 6.1, AI score 5.5, EPSS 0.23086
Exploits: 0, References: 8
OSV
added 2021/04/13 7:15 a.m., 3 views

UBUNTU-CVE-2021-29262

When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be...

CVSS 7.5, AI score 5.8, EPSS 0.07805
Exploits: 0, References: 3
CNNVD
added 2021/03/02 12:0 a.m., 2 views

Microsoft Exchange Server Security Vulnerability

Exchange is a messaging and collaboration system that is a suite of e-mail service components from Microsoft. Microsoft Exchange Server Arbitrary File Write Vulnerability. An attacker can exploit this vulnerability to write a file to any path on the server after authenticating through the Exchang...

CVSS 7.8, AI score 5.7, EPSS 0.89509
Exploits: 3, References: 3
NVD
added 2021/03/01 5:15 p.m., 23 views

CVE-2020-36240

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check...

CVSS 5.3, EPSS 0.01233
Exploits: 0, References: 1
Prion
added 2021/03/01 5:15 p.m., 19 views

Design/Logic Flaw

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check...

CVSS 5, AI score 5.4, EPSS 0.01233
Exploits: 0, References: 1, Affected Software: 1
Tenable Nessus
added 2021/02/26 12:0 a.m., 49 views

Atlassian Confluence < 6.13.18 / 6.14 < 7.4.6 / 7.5 < 7.8.3 Arbitrary File Read (CONFSERVER-60469)

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.13.18, 6.14.x prior to 7.4.6 or 7.5.x prior to 7.8.3. It is, therefore, affected by an arbitrary file read vulnerability in its ConfluenceResourceDownloadRewriteRule class...

CVSS 5.3, AI score 6, EPSS 0.0233
Exploits: 0, References: 2
CVE
added 2021/02/18 3:8 p.m., 112 views

CVE-2020-29448

CVE-2020-29448 affects Atlassian Confluence Server/Data Center. Affected ConfluenceResourceDownloadRewriteRule allows unauthenticated remote retrieval of arbitrary files in WEB-INF and META-INF due to an incorrect path access check. Impact is read-only exposure of restricted files; no exploitatio...

CVSS 5.3, AI score 5.5, EPSS 0.0233
Exploits: 0, References: 1, Affected Software: 2
Atlassian
added 2021/02/16 6:29 p.m., 80 views

Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. Affected versions: version 4.0.4 4.10.0 ≤ versi...

CVSS 5.3, AI score 6.4, EPSS 0.0233
Exploits: 0, Affected Software: 1
Atlassian
added 2021/02/16 6:29 p.m., 47 views

Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. Affected versions: version 4.0.4 4.10.0 ≤ versi...

CVSS 5.3, AI score 5.8, EPSS 0.0233
Exploits: 0
Atlassian
added 2021/01/21 5:58 p.m., 120 views

Pre-Authorization Limited Arbitrary File Read in Jira Server - CVE-2020-29453

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. Affected versions: version 8.5.11 8.6.0 ≤ version 8.13.3 8.14.0 ≤ versi...

CVSS 5.3, AI score 5.7, EPSS 0.23086
Exploits: 0, Affected Software: 1
CNNVD
added 2021/01/19 12:0 a.m., 5 views

Jointjs Security Vulnerability

A security vulnerability exists in jointjs before 3.3.0, which stems from the use of a path that accesses an object's key and sets a value that is not properly handled...

CVSS 9.8, AI score 5.8, EPSS 0.01359
Exploits: 0, References: 5
RedHat Linux
added 2020/12/01 12:5 p.m., 3 views

php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

CVSS 5.9, AI score 7.4, EPSS 0.08818
Exploits: 1, References: 4
Atlassian
added 2020/11/10 12:3 a.m., 385 views

Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. Affected versions: version 6.13.18 6.14.0 ≤ version 7.4....

CVSS 5.3, AI score 6, EPSS 0.99999
Exploits: 12, Affected Software: 1
OSV
added 2020/08/17 1:15 p.m., 1 views

UBUNTU-CVE-2020-13941

Reported in SOLR-14515 private and fixed in SOLR-14561 public, released in Solr version 8.6.0. The Replication handler https://lucene.apache.org/solr/guide/86/index-replication.htmlhttp-api-commands-for-the-replicationhandler allows commands backup, restore and deleteBackup. Each of these take a...

CVSS 8.8, AI score 7.3, EPSS 0.03805
Exploits: 0, References: 3
CNVD
added 2020/06/02 12:0 a.m., 2 views

Arbitrary File Deletion Vulnerability in Advantech WebAccessNode

Advantech WebAccessNode is a fully Internet Explorer based HMI/SCADA monitoring software. Advantech WebAccessNode suffers from an arbitrary file deletion vulnerability, which can be exploited by an attacker to delete files at any path within the system...

AI score 7
Exploits: 0
Debian CVE
added 2020/01/24 9:14 p.m., 28 views

CVE-2019-1348

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths...

CVSS 3.6, AI score 7.2, EPSS 0.00427
Exploits: 0
OSV
added 2019/12/23 3:15 a.m., 3 views

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

CVSS 5.9, AI score 6.8
Exploits: 0, References: 13
OSV
added 2019/12/23 3:15 a.m., 2 views

CVE-2019-11044

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

CVSS 7.5, AI score 6.7
Exploits: 0, References: 5