Filtered by vendor Atlassian
Subscribe
Total
433 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4320 | 1 Atlassian | 1 Bitbucket | 2018-10-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | |||||
| CVE-2018-13392 | 1 Atlassian | 2 Crucible, Fisheye | 2018-10-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys. | |||||
| CVE-2017-7357 | 1 Atlassian | 1 Hipchat Server | 2018-10-09 | 6.5 MEDIUM | 9.1 CRITICAL |
| Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | |||||
| CVE-2016-6496 | 1 Atlassian | 1 Crowd | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. | |||||
| CVE-2016-5229 | 1 Atlassian | 1 Bamboo | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | |||||
| CVE-2015-8399 | 1 Atlassian | 1 Confluence | 2018-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. | |||||
| CVE-2015-8398 | 1 Atlassian | 1 Confluence | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. | |||||
| CVE-2015-8361 | 1 Atlassian | 1 Bamboo | 2018-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port. | |||||
| CVE-2015-8360 | 1 Atlassian | 1 Bamboo | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. | |||||
| CVE-2015-5603 | 1 Atlassian | 1 Hipchat | 2018-10-09 | 6.5 MEDIUM | N/A |
| The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability." | |||||
| CVE-2014-9757 | 1 Atlassian | 1 Bamboo | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message. | |||||
| CVE-2017-18103 | 1 Atlassian | 1 Http Library | 2018-09-14 | 4.3 MEDIUM | 4.7 MEDIUM |
| The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml. | |||||
| CVE-2018-5229 | 1 Atlassian | 1 Universal Plugin Manager | 2018-09-12 | 3.5 LOW | 5.4 MEDIUM |
| The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names. | |||||
| CVE-2018-1000617 | 1 Atlassian | 1 Floodlight Controller | 2018-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack). | |||||
| CVE-2018-13389 | 1 Atlassian | 1 Confluence | 2018-09-07 | 4.3 MEDIUM | 4.7 MEDIUM |
| The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml. | |||||
| CVE-2018-13388 | 1 Atlassian | 2 Crucible, Fisheye | 2018-09-04 | 3.5 LOW | 5.4 MEDIUM |
| The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files. | |||||
| CVE-2017-16859 | 1 Atlassian | 2 Crucible, Fisheye | 2018-08-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter. | |||||
| CVE-2017-16860 | 1 Atlassian | 1 Application Links | 2018-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message. | |||||
| CVE-2018-5228 | 1 Atlassian | 2 Crucible, Fisheye | 2018-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers. | |||||
| CVE-2018-5227 | 1 Atlassian | 1 Application Links | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link. | |||||