• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
high severity flaws uncovered in atlassian products and isc bind server

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

You are here: Home / General Cyber Security News / High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
September 22, 2023

Atlassian and the Internet Techniques Consortium (ISC) have disclosed many security flaws impacting their merchandise that could be exploited to accomplish denial-of-service (DoS) and distant code execution.

The Australian software services company claimed that the four large-severity flaws have been fastened in new variations shipped previous month. This incorporates –

  • CVE-2022-25647 (CVSS rating: 7.5) – A deserialization flaw in the Google Gson package deal impacting Patch Management in Jira Provider Administration Knowledge Middle and Server
  • CVE-2023-22512 (CVSS score: 7.5) – A DoS flaw in Confluence Knowledge Middle and Server
  • CVE-2023-22513 (CVSS rating: 8.5) – A RCE flaw in Bitbucket Details Heart and Server
  • CVE-2023-28709 (CVSS rating: 7.5) – A DoS flaw in Apache Tomcat server impacting Bamboo Information Centre and Server

The flaws have been addressed in the next versions –

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


  • Jira Assistance Administration Server and Data Center (versions 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11., or later on)
  • Confluence Server and Knowledge Heart (versions 7.19.13, 7.19.14, 8.5.1, 8.6., or afterwards)
  • Bitbucket Server and Information Centre (variations 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14., or later on)
  • Bamboo Server and Information Heart (versions 9.2.4, 9.3.1, or later on)

Two Significant-Severity Flaws in BIND Fastened

In a linked progress, ISC has unveiled fixes for two high-severity bugs affecting the Berkeley Internet Identify Domain (BIND) 9 Area Identify Method (DNS) application suite that could pave the way for a DoS condition –

  • CVE-2023-3341 (CVSS rating: 7.5) – A stack exhaustion flaw in regulate channel code might bring about named to terminate unexpectedly (preset in versions 9.16.44, 9.18.19, 9.19.17, 9.16.44-S1, and 9.18.19-S1)
  • CVE-2023-4236 (CVSS rating: 7.5) – The named service may perhaps terminate unexpectedly beneath high DNS-in excess of-TLS question load (fixed in versions 9.18.19 and 9.18.19-S1)

The hottest patches arrive three months after ISC rolled out fixes for 3 other flaws in the application (CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911, CVSS scores: 7.5) that could end result in a DoS ailment.

Found this report appealing? Adhere to us on Twitter  and LinkedIn to read through far more exclusive material we article.


Some sections of this posting are sourced from:
thehackernews.com

Previous Post: «apple rushes to patch 3 new zero day flaws: ios, macos, Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
Next Post: Iranian Nation-State Actor OilRig Targets Israeli Organizations iranian nation state actor oilrig targets israeli organizations»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia
  • Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats
  • Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan
  • Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks
  • WhatsApp’s New Secret Code Feature Lets Users Protect Private Chats with Password
  • U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign Agents
  • Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
  • Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws
  • Google Unveils RETVec – Gmail’s New Defense Against Spam and Malicious Emails
  • North Korea’s Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

Copyright © TheCyberSecurity.News, All Rights Reserved.