dothanthitiendiettiende

2 exploits Active since Mar 2019

CVE-2019-3396 NOMISEC CRITICAL WRITEUP

Atlassian Confluence Widget Connector Macro Velocity Template Injection

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.

CVSS 9.8

View Code

CVE-2019-6207 NOMISEC MEDIUM STUB

iPhone OS < 12.2 - Out-of-bounds Read in Kernel Memory

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

CVSS 5.5

View Code