Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-14263: Security Bulletin: iOS KeyChain Data Protection vulnerability in MobileIron AppConnect SDK affects HCL Traveler Companion (CVE-2020-14263) - Customer Support

“HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK”

CVE
#vulnerability#ios

Related news

CVE-2021-41312: [JRASERVER-72801] Access-revoked user can enable/disable Issue Collectors on a Jira project - CVE-2021-41312 - Create and track feature requests for Atlassian products.

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1.

CVE-2021-41310: [JRASERVER-72800] Stored XSS on /secure/admin/AssociatedProjectsForCustomField.jspa - CVE-2021-41310 - Create and track feature requests for Atlassian products.

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1.

CVE-2021-41313: [JRASERVER-72898] Privilege escalation leads unauthorized user to edit email batch configurations - CVE-2021-41313 - Create and track feature requests for Atlassian products.

Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.21.0.

CVE-2021-41307: [JRASERVER-72916] Anonymous user can view names of private projects and filters via IDOR in Workload Pie Chart Gadget - CVE-2021-41307 - Create and track feature requests for Atlassian...

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.

CVE-2021-41305: [JRASERVER-72813] Anonymous user can view private project and filter names via IDOR in Average Number of Times in Status Gadget - CVE-2021-41305 - Create and track feature requests for...

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12..

CVE-2021-41304: [JRASERVER-72939] Reflected XSS /secure/admin/ImporterFinishedPage.jspa via error message - CVE-2021-41304 - Create and track feature requests for Atlassian products.

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.1.

CVE-2021-41306: [JRASERVER-72915] Anonymous users can view names of private projects and filters via Average Time in Status Gadget - CVE-2021-41306 - Create and track feature requests for Atlassian pr...

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.

CVE-2021-39128:

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.

CVE-2021-23052:

On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2019-20101: [JRASERVER-72618] Anonymous users can access the /rest/whitelist/<version>/check resource - CVE-2019-20101 - Create and track feature requests for Atlassian products.

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.

CVE-2021-39123: [JRASERVER-72237] Denial of Service via /rest/gadget/1.0/createdVsResolved/generate endpoint - CVE-2021-39123 - Create and track feature requests for Atlassian products.

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint. The affected versions are before version 8.16.0.

CVE-2021-39118: [JRASERVER-72736] User Enumeration via /rest/api/1.0/render endpoint - CVE-2021-39118 - Create and track feature requests for Atlassian products.

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0.

CVE-2019-20101: [JRASERVER-72618] Anonymous users can access the /rest/whitelist/ /check resource - CVE-2019-20101 - Create and track feature requests for Atlassian products.

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.

CVE-2021-26086: [JRASERVER-72695] Limited Remote File Read/Include in Jira Software Server - CVE-2021-26086 - Create and track feature requests for Atlassian products.

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.

CVE-2020-24141: research/CVE-2020-24141.md at main · secwx/research

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute command on services

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907