Lucene search
+L

59 matches found

The Hacker News
The Hacker News
added 2022/04/23 5:52 a.m.404 views

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability

Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and reside...

9.8CVSS1.5AI score0.99999EPSS
Exploits47
OSV
OSV
added 2021/10/27 7:15 p.m.4 views

CVE-2021-34794

A vulnerability in the Simple Network Management Protocol version 3 SNMPv3 access control functionality of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due t...

5.3CVSS5.8AI score0.00906EPSS
Exploits0References1
Prion
Prion
added 2021/07/29 11:15 a.m.28 views

Deserialization of untrusted data

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....

7.5CVSS9.7AI score0.48883EPSS
Exploits1References3Affected Software3
CVE
CVE
added 2021/07/29 10:12 a.m.105 views

CVE-2020-36239

CVE-2020-36239 affects Jira Data Center, Jira Core Data Center, Jira Software Data Center (versions prior to 8.5.16 for 6.3.0 line, prior to 8.13.8 for 8.6.0 line, prior to 8.17.0 for 8.14.0 line) and Jira Service Management Data Center (prior to 4.5.16 for 2.0.2 line, prior to 4.13.8 for 4.6.0 l...

9.8CVSS9.7AI score0.48883EPSS
Exploits1References3Affected Software3
ATTACKERKB
ATTACKERKB
added 2021/07/21 12:0 a.m.59 views

CVE-2020-36239

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....

7.5CVSS3.2AI score0.48883EPSS
Exploits1References4
Atlassian
Atlassian
added 2021/07/09 5:44 a.m.88 views

Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239

h3. Issue Summary Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...

9.8CVSS2.3AI score0.48883EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2021/07/09 5:44 a.m.47 views

Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239

h3. Issue Summary Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...

9.8CVSS2.3AI score0.48883EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2020/12/07 12:0 a.m.4 views

PT-2020-13796

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 1.2 through 1.5 Description The issue arises when the Admin API is enabled and the Admin API access IP restriction rules are deleted in Apache APISIX. This allows the default token to access APISIX management data...

6.5CVSS7.2AI score0.72976EPSS
Exploits5References15
BDU FSTEC
BDU FSTEC
added 2020/06/10 12:0 a.m.6 views

The vulnerability of the Cisco IOS XE operating system, related to the lack of measures taken to clean data at the management level, allows attackers to enhance their privileges and execute arbitrary code.

The vulnerability of the Cisco IOS XE operating system is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and execute arbitrary code...

6.8CVSS6.9AI score0.00612EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/01/29 4:29 p.m.5 views

CVE-2018-1668

IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894...

7.5CVSS5.8AI score0.01396EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2016/10/05 12:0 a.m.20 views

Cisco Prime Infrastructure Authentication Bypass API Vulnerability (cisco-sa-20160629-piauthbypass) - Active Check

A vulnerability in the application programming interface API of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to access and control the API resources. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and ar...

10CVSS9.5AI score0.06153EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.7 views

The vulnerability of the Cisco IOS operating system, which allows a malicious individual to gain administrator privileges

Cisco IOS software contains vulnerabilities that allow a remote attacker to gain remote access to device management data via SNMP protocol. This can result in the attacker obtaining administrative privileges...

5CVSS7.9AI score0.01705EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2015/10/08 8:59 p.m.12 views

Code injection

Cisco Wireless LAN Controller WLC devices with software 7.0240.0, 7.3101.0, and 7.41.19 allow remote attackers to cause a denial of service device outage by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236...

6.1CVSS7.3AI score0.00772EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/10/08 8:0 p.m.26 views

CVE-2015-6311

Cisco Wireless LAN Controller WLC devices with software 7.0240.0, 7.3101.0, and 7.41.19 allow remote attackers to cause a denial of service device outage by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236...

6.7AI score0.00772EPSS
Exploits0References2
CVE
CVE
added 2015/09/25 1:0 a.m.49 views

CVE-2015-6468

CVE-2015-6468 is a CSRF vulnerability in Resource Data Management’s Web-based Data Manager, affected versions prior to 2.2. The issue enables an attacker to hijack an authenticated user’s session and perform unintended actions on trusted pages via CSRF vectors (details not specified in the provid...

6.8CVSS7.3AI score0.00643EPSS
Exploits0References1Affected Software1
myhack58
myhack58
added 2011/12/28 12:0 a.m.37 views

Empire(EmpireCMS)cms 6.6 the background to get shell-vulnerability warning-the black bar safety net

Previous 6. 5http://www.badguest.cn/Article/201011/78510.htmlsomeone hair of the method is that the background---system setup---the management data table---management system models---import new module,directly put the modified php shell was renamed the shell. php. mod uploaded, the new version us...

7.3AI score
Exploits0
myhack58
myhack58
added 2010/10/05 12:0 a.m.34 views

Empire cms backstage to get a shell vulnerability and fix-vulnerability warning-the black bar safety net

The first method: add a custom page 6.0 on experiment success Template management - add custom page - page name casually--file name: xx. asp;. html--the page content--pony copy the contents into it Save the post and then the Admin page Click you can go see your horse, generally in the root...

7AI score
Exploits0
OSV
OSV
added 2006/12/31 5:0 a.m.2 views

DEBIAN-CVE-2006-6101

Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data...

6.6CVSS9.5AI score0.00379EPSS
Exploits0References1
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.10 views

Detectoid for System Center 2012 R2 - Data Protection Manager UI

Detectoid for System Center 2012 R2 - Data Protection Manager UI...

2.7AI score
Exploits0
Rows per page
Query Builder