28 matches found
DoS (Denial of Service) in Jira Service Management Data Center
This High severity DoS (Denial of Service) vulnerability was introduced in versions 11.2.0 and 11.3.0 of Jira Service Management Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allow...
Security Headers Omission in Jira Software Data Center
This is a vulnerability in a non-Atlassian Jira Software dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Security Headers Omission vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Software Data Center...
Mattermost Security Vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...
Atlassian Jira Service Management Data Center and Server 11.2.0 < 11.2.1 / 11.3.0 (JSDSERVER-16462)
The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16462 advisory. - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an...
BIT-PILLOW-2025-48379 Pillow Vulnerable to Write Buffer Overflow on BCn encoding
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...
SUSE CVE-2025-48379
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...
CVE-2025-48379
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...
CVE-2025-48379 Pillow Vulnerable to Write Buffer Overflow on BCn encoding
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...
PT-2025-27574 · Pillow · Pillow
Name of the Vulnerable Software and Affected Versions: Pillow versions 11.2.0 through 11.2.x. Description: The issue is a heap buffer overflow that occurs when writing a sufficiently large image in the DDS format. This happens because the library writes into a buffer without checking for available...
CVE-2019-9703
Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels...
CVE-2019-9702
Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels...
Oracle Commerce Security Vulnerability
Oracle Commerce is a suite of e-commerce solutions from Oracle Corporation, of which Commerce Platform is one component that provides a versatile e-commerce platform. A security vulnerability exists in Oracle Commerce's Commerce Platform versions 11.3.0, 11.3.1, and 11.3.2, which stems from...
CVE-2024-54151
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions...
CVE-2024-54151 Directus allows unauthenticated access to WebSocket events and operations
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions...
Security Bulletin: IBM Event Streams is affected by a partial denial of service in Java (CVE-2023-22081).
Summary: IBM Event Streams is affected by a partial denial of service due to the JSSE component. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-25883)
Summary: This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-25883 Vulnerability Details: CVEID: CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS)...
CVE-2022-21559
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle...