CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21685
https://notcve.org/view.php?id=CVE-2024-21685
18 Jun 2024 — This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Jira Core Data Center customers upgrade to latest... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 94%CPEs: 28EXPL: 7CVE-2024-21683 – Atlassian Confluence Administrator Code Macro Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-21683
21 May 2024 — This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to d... • https://packetstorm.news/files/id/179507 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29461
https://notcve.org/view.php?id=CVE-2024-29461
12 Apr 2024 — An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. Un problema en Floodlight SDN OpenFlow Controller v.1.2 permite que un atacante remoto provoque una denegación de servicio a través del componente datapath id. • https://gist.github.com/ErodedElk/399a226905c574efe705e3bff77955e3 • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 2%CPEs: 12EXPL: 0CVE-2024-21677
https://notcve.org/view.php?id=CVE-2024-21677
19 Mar 2024 — This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your in... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1369444862 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 1%CPEs: 12EXPL: 0CVE-2024-21678
https://notcve.org/view.php?id=CVE-2024-21678
20 Feb 2024 — This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, low impact to integrity, no impact to availability, and requires no user interaction. Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version. If you are unable to do... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21682
https://notcve.org/view.php?id=CVE-2024-21682
20 Feb 2024 — This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you ma... • https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22514
https://notcve.org/view.php?id=CVE-2023-22514
16 Jan 2024 — To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H which allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to i... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1299929380 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 0CVE-2023-22512
https://notcve.org/view.php?id=CVE-2023-22512
16 Jan 2024 — To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a vulnerable host (Confluence instance) connected to a network, which has no impact to c... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 5%CPEs: 6EXPL: 0CVE-2024-21673
https://notcve.org/view.php?id=CVE-2024-21673
16 Jan 2024 — This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction. Atlassian r... • https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2024-21672
https://notcve.org/view.php?id=CVE-2024-21672
16 Jan 2024 — This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian ... • https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •