SQLi (SQL Injection) org.postgresql:postgresql Dependency in Jira Software Data Center and Server
This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. Jira Software Data Center is unaffected by.....
10CVSS
9.7AI Score
0.001EPSS
DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Software Data Center and Server
This High severity net.minidev:json-smart Dependency vulnerability was introduced in versions 8.20.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This net.minidev:json-smart Dependency vulnerability, with....
7.5CVSS
7.7AI Score
0.001EPSS
h3. Issue Summary This is reproducible on Data Center: yes Explanation: This bug shows up only for integration using webhooks. Smar commits works correctly when data is being synced during hourly polling job. Environment requirements: Jira needs to be available for Git instance to let git webhooks....
6.8AI Score
This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, 9.14.0, and 9.15.0 of Jira Software Data Center and Server. This...
8.2CVSS
6.7AI Score
0.0004EPSS
A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...
6.6AI Score
0.001EPSS
Cisco Firepower Threat Defense Software Encrypted Archive File Policy Bypass Vulnerability
A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a.....
7.3AI Score
0.0004EPSS
Summary IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS. This bulletin identifies the steps required to address these vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-33599 DESCRIPTION: **glibc is vulnerable.....
7.5CVSS
9.1AI Score
0.005EPSS
Multiple Cisco Products Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker...
7.2AI Score
0.0004EPSS
A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of...
1.5AI Score
0.001EPSS
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...
7.2AI Score
0.0004EPSS
A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected...
7.2AI Score
0.0004EPSS
This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...
7.5CVSS
7AI Score
0.002EPSS
Summary Node.js is used by IBM Rational® Application Developer for WebSphere® Software as the SDK and runtime for Apache Cordova projects. (CVE-2023-6129,CVE-2024-24806, CVE-2023-5678,CVE-2024-22019,CVE-2023-46809, CVE-2024-0727, CVE-2023-6237,CVE-2024-21892) Vulnerability Details ** CVEID:...
7.3CVSS
8.6AI Score
EPSS
Summary IP from Node.js is used by IBM Storage Fusion HCI as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details ** CVEID: CVE-2023-42282 DESCRIPTION: **Node.js IP package could allow a remote attacker to execute arbitrary code...
9.8CVSS
8AI Score
0.001EPSS
TPM2 Software Stack vulnerabilities
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages tpm2-tss - TPM2 Software Stack library Details Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to...
6.4CVSS
8.1AI Score
EPSS
Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.
Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code level listed below. CVE-2023-2650. Vulnerability Details ** CVEID: CVE-2023-2650 DESCRIPTION:...
6.5CVSS
6.7AI Score
0.001EPSS
This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. This software.amazon.ion:ion-java Dependency....
7.5CVSS
7.6AI Score
0.0005EPSS
Security Bulletin: IBM Storage Fusion HCI is vulnerable to elevated privileges due to OpenShift.
Summary OpenShift included with IBM Storage Fusion HCI is affected by the CVE listed below. CVE-2023-5408. Vulnerability Details ** CVEID: CVE-2023-5408 DESCRIPTION: **OpenShift Kubernetes could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in...
7.2CVSS
6.3AI Score
0.001EPSS
Summary Python packages Pypa, Pallet Jinja, requests, and urllib3 are used by IBM Storage Fusion HCI as part of the installer and may be vulnerable to the CVEs listed below. CVE-2022-40897, CVE-2024-22195, CVE-2023-32681, CVE-2023-43804. Vulnerability Details ** CVEID: CVE-2022-40897 DESCRIPTION:.....
8.1CVSS
9.8AI Score
0.005EPSS
Summary follow-redirects is used by IBM Storage Fusion as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159. Vulnerability Details ** CVEID: CVE-2023-26159 DESCRIPTION: **follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an...
7.3CVSS
6.7AI Score
0.001EPSS
Summary IBM Storage Fusion HCI uses Golang packages that may cause Fusion to be vulnerable to denial of service, authentication bypass, and incorrect privilege assignment. CVE-2018-20699, CVE-2023-48795, CVE-2022-21698, CVE-2021-41190, CVE-2023-39325, CVE-2022-29526, CVE-2023-45288. Vulnerability.....
7.5CVSS
10AI Score
0.962EPSS
Security Bulletin: IBM Storage Fusion HCI is vulnerable to directory traversal due to Beego.
Summary Beego is used by IBM Storage Fusion HCI as part of the user interface. See Vulnerability Details below. CVE-2022-31836, CVE-2022-31259. Vulnerability Details ** CVEID: CVE-2022-31836 DESCRIPTION: **Beego could allow a remote attacker to traverse directories on the system, caused by a flaw.....
9.8CVSS
9.7AI Score
0.002EPSS
Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-23829, CVE-2024-23334, CVE-2024-1135, CVE-2024-26130. Vulnerability Details ** CVEID: CVE-2024-23829 DESCRIPTION:...
7.5CVSS
8.6AI Score
0.052EPSS
Summary Ceph is used by IBM Storage Fusion HCI if IBM Storage Fusion HCI is configured with the Data Foundation service. CVE-2023-43040. Vulnerability Details ** CVEID: CVE-2023-43040 DESCRIPTION: **IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized actions in RGW for Ceph...
6.5CVSS
6.2AI Score
0.0004EPSS
Summary commons-compress and ion-java is used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-26308 DESCRIPTION: **Apache Commons Compress...
8.1CVSS
6.1AI Score
0.001EPSS
Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details ** CVEID: CVE-2023-26159 DESCRIPTION: **follow-redirects could allow a remote attacker to conduct...
7.3CVSS
7.1AI Score
0.001EPSS
Virtua Software Cobranca <12R - Blind SQL Injection
Virtua Cobranca before 12R allows blind SQL injection on the login...
7.5CVSS
8AI Score
0.008EPSS
Cisco ASA/FTD Software - Cross-Site Scripting
Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities...
6.1CVSS
6.4AI Score
0.971EPSS
Altenergy Power Control Software C1.2.5 - Remote Command Injection
Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/set_timezone parameter, because of set_timezone in models/management_model.php. An attacker can potentially obtain sensitive information, modify data, and/or...
9.8CVSS
9.8AI Score
0.856EPSS
PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting
The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login...
6.1CVSS
5.2AI Score
0.002EPSS
HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting
HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....
Summary IBM MQ Operator and Queue manager container images are vulnerable to protobuf-go, libcurl, libexpat, golang-fips/openssl which were identified in RedHat UBI. IBM MQ is vulnerable to a buffer overflow condition, phishing attacks in open redirect , Java SE, IBM GSKit-Crypto. This bulletin...
7.5CVSS
9AI Score
0.001EPSS
CVE-2024-26625 llc: call sock_orphan() at release time
In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed llc socket. In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after calling...
6.4AI Score
0.0004EPSS
Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via...
6.1CVSS
6.1AI Score
0.003EPSS
Open Automation Software OAS Platform V16.00.0121 - Missing Authentication
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...
9.4CVSS
9.4AI Score
0.017EPSS
Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via...
6.1CVSS
6AI Score
0.003EPSS
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...
CVE-2024-26635 llc: Drop support for ETH_P_TR_802_2.
In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. syzbot reported an uninit-value bug below. [0] llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the bug. write$tun(r0,...
6.3AI Score
0.0004EPSS
CVE-2024-26625 llc: call sock_orphan() at release time
In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed llc socket. In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after calling...
7.4AI Score
0.0004EPSS
Polarisft Intellect Core Banking Software Version 9.7.1 - Open Redirect
Polarisft Intellect Core Banking Software Version 9.7.1 is susceptible to an open redirect issue in the Core and Portal modules via the /IntellectMain.jsp?IntellectSystem=...
6.1CVSS
6.2AI Score
0.001EPSS
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....
Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0...
7.5CVSS
5.8AI Score
0.002EPSS
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....
7.4AI Score
0.002EPSS
Cisco Firepower Management Center Software SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...
8.5AI Score
0.001EPSS
Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion
Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP...
9.8CVSS
9.4AI Score
0.473EPSS
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packets without mac len...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packets without mac len...
6.4AI Score
0.0004EPSS
CVE-2024-26636 llc: make llc_ui_sendmsg() more robust against bonding changes
In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others,...
7.5AI Score
0.0004EPSS