NVD disclosure day

Published threat advisories for March 25, 2019

CVE advisoryKnown Exploit

CVE-2019-7609

Kibana Timelion Vulnerability Allows Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A flaw in Kibana's Timelion visualizer enables arbitrary code execution. Attackers can exploit this by sending malicious requests, potentially leading to command execution on the host system with the Kibana process's permissions. This poses a risk to system integrity and data.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2019-3396

Atlassian Confluence Server-Side Template Injection and Code Execution Risk.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Atlassian Confluence Server's Widget Connector macro allows remote attackers to execute code. This could lead to data compromise and operational disruption for affected organizations. The risk is significant due to the ease of exploitation and potential for unauthorized access.

NVD published: • CISA KEV