8 matches found
EUVD-2017-18437
Malware in sbrugna...
Atlassian Confluence 7.13.x < 8.5.23 / 8.6.x < 9.2.5 / 9.3.x < 9.5.1 (CONFSERVER-99921)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-99921 advisory. - BCryptPasswordEncoder.matchesCharSequence,String will incorrectly return true for passwords larger than 72 characters as long as the first 72...
Atlassian Confluence < 7.19.18 / 8.5.x < 8.5.5 / 8.7.x < 8.7.2 / 8.8.0 (CONFSERVER-98413)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98413 advisory: - Affected versions of Atlassian Confluence Data Center in Windows installations contain a security misconfiguration in which the confluence.cfg.xml...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-22527 Atlassian Confluence Data Center and Server Template Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber...
CISA, FBI, and MS-ISAC Release Joint Advisory on Atlassian Confluence Vulnerability CVE-2023-22515
Today, CISA, the Federal Bureau of Investigation FBI, and the Multi-State Information Sharing and Analysis Center MS-ISAC released a joint Cybersecurity Advisory CSA in response to the active exploitation of CVE-2023-22515. This critical vulnerability affects certain versions of Atlassian...
A week in security (October 9 - October 15)
Last week on Malwarebytes Labs: Explained: Quishing Update now! Atlassian Confluence vulnerability is being actively exploited Giant health insurer struck by ransomware didn't have antivirus protection Ransomware review: October 2023 Stalkerware activity drops as glaring spying problem is reveale...
Exploit for Improper Input Validation in Atlassian Confluence_Data_Center
CVE-2023-22515-Scan About This is simple scanner for CVE-...
A week in security (May 30 – June 5)
Last week on Malwarebytes Labs: Intuit phish says "We have put a temporary hold on your account" The Quad commits to strengthening cybersecurity in software, supply chains Double-whammy attack follows fake Covid alert with a bogus bank call Microsoft Office zero-day "Follina"—its not a bug, its a...