Vulmon
atlassian jira vulnerabilities and exploits
668
VMScore
CVE-2020-14188
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote malicious users to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.
Atlassian Jira Create
668
VMScore
CVE-2020-14189
The execute function in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote malicious users to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment.
Atlassian Jira Comment
668
VMScore
CVE-2020-14172
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote malicious ...
Atlassian Jira
Atlassian Jira Software Data Center
668
VMScore
CVE-2019-20409
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote malicious users to gain remote code execution if they were able to exploit a server side template injection vulnerability.
Atlassian Jira
Atlassian Jira Software Data Center
668
VMScore
CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler up to and including 2.3.0 allows XXE attacks via a job description.
Softwareag Quartz
Oracle Flexcube Investor Servicing 12.3.0
Oracle Flexcube Investor Servicing 12.1.0
Oracle Retail Xstore Point Of Service 15.0
Oracle Flexcube Private Banking 12.1.0
Oracle Primavera Unifier 16.2
Oracle Flexcube Private Banking 12.0.0
Oracle Primavera Unifier 16.1
Oracle Retail Integration Bus 15.0
Oracle Retail Back Office 14.1
Oracle Flexcube Investor Servicing 12.4.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Retail Xstore Point Of Service 16.0
Oracle Fusion Middleware Mapviewer 12.2.1.3.0
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Retail Integration Bus 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
Oracle Primavera Unifier 18.8
Oracle Retail Point-of-service 14.1
Oracle Primavera Unifier
2 Github repositories
668
VMScore
CVE-2017-3202
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this ...
Exadel Flamingo 2.2.0
668
VMScore
CVE-2017-3206
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data ...
Exadel Flamingo 2.2.0
668
VMScore
CVE-2017-3207
The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1.1.0, derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to...
Themidnightcoders Weborb For Java 5.1.1.0
668
VMScore
CVE-2017-3208
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive da...
Themidnightcoders Weborb For Java 5.1.1.0
668
VMScore
CVE-2017-5983
The JIRA Workflow Designer Plugin in Atlassian JIRA Server prior to 6.3.0 improperly uses an XML parser and deserializer, which allows remote malicious users to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
Atlassian Jira 4.2.4
Atlassian Jira 5.0.2
Atlassian Jira 5.0.3
Atlassian Jira 5.0.4
Atlassian Jira 5.0.5
Atlassian Jira 5.2.3
Atlassian Jira 5.2.4
Atlassian Jira 5.2.5
Atlassian Jira 5.2.6
Atlassian Jira 6.0.8
Atlassian Jira 6.1
Atlassian Jira 6.1.1
Atlassian Jira 6.1.2
Atlassian Jira 6.2.6
Atlassian Jira 6.2.7
Atlassian Jira 4.3.4
Atlassian Jira 4.4
Atlassian Jira 4.4.1
Atlassian Jira 4.4.2
Atlassian Jira 4.4.3
Atlassian Jira 5.1.3
Atlassian Jira 5.1.4