30 matches found
MITM (Man-in-the-Middle) com.squareup.okhttp3:okhttp Dependency in Jira Software Data Center and Server
This High severity MITM Man-in-the-Middle vulnerability was introduced in version 9.12.1 and 10.3.0 of Jira Software Data Center and Server. This vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of code:java CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:Ncode allows an unauthenticated...
DoS (Denial of Service) axios Dependency in Jira Software Data Center and Server
This High severity DoS Denial of Service vulnerability known as CVE-2025-58754 was introduced in 10.3.0, and 11.0.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...
EUVD-2012-3995
Malware in sbrugna...
EUVD-2025-6013
Malicious code in bioql PyPI...
CVE-2012-4051
Multiple cross-site request forgery CSRF vulnerabilities in editAccount.html in the JAMF Software Server JSS interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that 1 create user accounts or 2 change passwords via a Save...
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server
This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 9.4.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, 9.14.0, 9.15.0, 9.16.1, 9.17.0, 10.0.0, and 10.1.1 of Jira Software Data Center and Server. This...
CVE-2024-55088
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery SSRF in the backend plugin module...
CVE-2024-1577
Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2...
SQLi (SQL Injection) org.postgresql:postgresql Dependency in Jira Software Data Center and Server
This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. Jira Software Data Center is unaffected by...
CVE-2024-23819
GeoServer has a stored Cross-Site Scripting (XSS) vulnerability in the MapML HTML Page. An authenticated administrator with workspace‑level privileges can store a JavaScript payload in the GeoServer catalog, which executes in another user’s browser when the MapML HTML Page is viewed. The MapML ex...
RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server
This High severity org.apache.xmlgraphics:batik-script Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-script Dependency vulnerability, with a...
DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server
This High severity org.json:json Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS...
CVE-2023-35801
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have acce...
CVE-2022-38340
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload...
Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and reside...
Linux jss 安全漏洞
ruby-jss is a Ruby framework for interacting with the JAMF Software Server JSS REST API. A security vulnerability exists in Linux jss that stems from a memory leak in a software TLS connection leading to an object serialization issue...
Limited Remote File Read in Jira Software Server - CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...
Username enumeration on Jira Software Server 8.15 - CVE-2021-26081
Affected versions of Atlassian Jira Server and Jira Data Center allow remote attackers to discover the username of users via an enumeration vulnerability in the REST API. CVE-2021-26081 The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, from version 8.14.0 before...
Vulnerability in Search Template Leads to Reflected XSS JIRA Software Server - CVE-2021-26078
Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the number range searcher component which allows remote attackers to inject arbitrary HTML or JavaScript. Affected versions: versions 8.5.14 8.6.0 ≤ version 8.13.6 8.14.0 ≤ version 8.16.1 Fixed versions: 8.5.14...
JSW Server not vulnerable to an Insecure Deserialization issue in Jackson Databind - CVE-2018-14720
Scanners may falsely flag some versions of Jira Software Server before 8.5.5 as vulnerable to an Insecure Deserialization issue in Jackson Databind CVE-2018-14720. This vulnerability in a transitive dependency was being flagged because Jira Software assumed the version of applinks provided by Jir...