
CVE-2021-41305
https://notcve.org/view.php?id=CVE-2021-41305
26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12. • https://jira.atlassian.com/browse/JRASERVER-72813 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVE-2021-41304
https://notcve.org/view.php?id=CVE-2021-41304
26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.2. • https://jira.atlassian.com/browse/JRASERVER-72939 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-39126
https://notcve.org/view.php?id=CVE-2021-39126
21 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. • https://jira.atlassian.com/browse/JRASERVER-71806 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2021-39127
https://notcve.org/view.php?id=CVE-2021-39127
21 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to access the query component JQL endpoint via a Broken Access Control (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. • https://jira.atlassian.com/browse/JRASERVER-72003 •

CVE-2020-18683
https://notcve.org/view.php?id=CVE-2020-18683
30 Sep 2021 — Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. • https://drive.google.com/open?id=15I75JBmFYB9rLm9ZvcFtjHy0e2a-9lyO • CWE-20: Improper Input Validation •

CVE-2020-18685
https://notcve.org/view.php?id=CVE-2020-18685
30 Sep 2021 — Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. • https://drive.google.com/open?id=1oIt6jViGxLALUkLVELsQpC26MJYFZt2U • CWE-20: Improper Input Validation •

CVE-2020-18684
https://notcve.org/view.php?id=CVE-2020-18684
30 Sep 2021 — Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. • https://drive.google.com/open?id=1310MS7djRfF0N2YmmzVTs8x5oJuHQVX5 • CWE-190: Integer Overflow or Wraparound •

CVE-2021-39128
https://notcve.org/view.php?id=CVE-2021-39128
16 Sep 2021 — Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1. • https://jira.atlassian.com/browse/JRASERVER-72804 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVE-2021-39125
https://notcve.org/view.php?id=CVE-2021-39125
14 Sep 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. • https://jira.atlassian.com/browse/JRASERVER-72009 •

CVE-2019-20101
https://notcve.org/view.php?id=CVE-2019-20101
14 Sep 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/