239 matches found
EUVD-2021-12892
Malware in sbrugna...
EUVD-2019-10954
Malware in sbrugna...
EUVD-2018-5331
Malware in sbrugna...
EUVD-2021-25563
Malware in sbrugna...
EUVD-2019-10654
Malware in sbrugna...
EUVD-2016-5319
Malware in sbrugna...
EUVD-2020-23782
Malware in sbrugna...
EUVD-2021-28334
Malicious code in bioql PyPI...
Atlassian JIRA Server and JIRA Data Center Security Vulnerabilities
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is the server version of a defect tracking management system. Atlassian JIRA Server is the server version of a defect tracking management system used to track and manage all types o...
Atlassian Jira < 8.20.20 / 9.4.x < 9.4.4 / 9.5.0 (JRASERVER-75331)
The version of Atlassian Jira Server running on the remote host is affected by a arbitrary file upload vulnerability as referenced in the JRASERVER-75331 advisory. Affected versions of Atlassian Jira Server/DC allows an unauthenticated, remoter attacker to upload arbitrary files to Jira via file...
Malicious file upload in Jira Server via anonymous sources
Affected versions of Atlassian Jira Server/DC allows an unauthenticated attacker to upload arbitrary files to Jira via file upload functionality in the fileupload url. However An attacker cannot control the filename or its location, which prevents the possibility of RCE. Files with name start...
This ticket is to request backporting fix from JRASERVER-73593 into 8.20.x LTS version
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers without permission to view a private project to view the project's issue creation meta information via a Broken Access Control vulnerability in the /issue/createmeta endpoint. The affected LTS version ...
A vulnerable version of Apache Tomcat was used in Jira Server (CVE-2020-9484, CVE-2022-23181)
Affected versions of Atlassian Jira Server and Data Center used versions of Apache Tomcat that were vulnerable to CVE-2020-9484 and CVE-2022-23181. The affected versions of Jira Server and Data Center are before version 8.13.20, from version 8.14.0 before 8.20.8, from version 8.21.0 before 8.22.2...
Vulnerable version of PostgresSQL JDBC driver used - CVE-2022-21724
Affected versions of Atlassian Jira Server and Data Center used versions of the PostgresSQL JDBC driver that were vulnerable to CVE-2022-21724. The affected versions of Atlassian Jira Server and Data Center are before version 8.22.2. Affected versions: version 8.22.2 Fixed versions: 8.22.2 and...
CVE-2022-0540
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before...
CVE-2022-0540
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before...
Admin user can change Base URL without WebSudo validation
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to bypass WebSudo validation in order to change the Base URL of a Jira instance via a Broken Access Control vulnerability in the /rest/api/2/settings/baseUrl endpoint. The affected...
Admin user can toggle JMX monitoring without WebSudo validation
Affected versions of Atlassian Jira Server and Data Center allow attackers with administrator privileges to bypass WebSudo validation in order to toggle JMX monitoring, via a Broken Access Control vulnerability in the JmxMonitoringAction.jspa endpoint. The affected versions are before version...
A user can view the "createmeta" information of private projects
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers without permission to view a private project to view the project's issue creation meta information via a Broken Access Control vulnerability in the /issue/createmeta endpoint. The affected versions are...
Admin user can change Portfolio Plugin hierarchy without WebSudo validation
Affected versions of Atlassian Jira Server and Data Centre allow remote attackers to modify the hierarchy structure of the Portfolio Plugin via a Broken Access Control vulnerability in the hierarchy configuration component. The affected versions are before version 8.20.4, and from version 8.21.0...