10 matches found
Kibana < 8.15.1 (ESA-2024-27)
The version of Kibana installed on the remote host is prior to 8.15.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-27 advisory. - A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a craft...
Kibana 8.10.x < 8.15.1 (ESA-2024-28)
The version of Kibana installed on the remote host is prior to 8.15.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-28 advisory. - A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a craft...
CVE-2021-39122
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version...
Exploit for Missing Authorization in Atlassian Data_Center
CVE-2020-36287 The dashboard gadgets preference resource of th...
Atlassian Jira 8.14.x < 8.15.1 Information Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.5 or 8.14.x < 8.15.1. It is, therefore, affected by a missing permissions check vulnerability allowing remote anonymous attackers to obtain gadget related settings. Note th...
CVE-2021-26075
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...
Cross-site request forgery (CSRF)
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery CS...
Anonymously accessible Dashboards can leak private information via configured gadgets - CVE-2020-36287
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. Affected...
CSRF in the SetFeatureEnabled.jspa resource - CVE-2021-26071
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery CS...
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:0635-1)
This update for nodejs8 to version 8.15.1 fixes the following issue: Security issue fixed: CVE-2019-5737: Fixed a potential attack vector which could lead to Denial of Service when HTTP connections are kept active (bsc#1127532). Note that Tenable Network Security has extracted the preceding...