Vulnerabilities (CVE)

Filtered by vendor Atlassian Subscribe
Total 433 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4317 1 Atlassian 1 Confluence 2024-02-28 3.5 LOW 5.4 MEDIUM
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.
CVE-2016-6496 1 Atlassian 1 Crowd 2024-02-28 7.5 HIGH 9.8 CRITICAL
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.
CVE-2017-8080 1 Atlassian 1 Hipchat Server 2024-02-28 6.5 MEDIUM 8.8 HIGH
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.
CVE-2016-6668 1 Atlassian 2 Confluence Server, Jira Integration For Hipchat 2024-02-28 5.0 MEDIUM 7.5 HIGH
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.
CVE-2016-4318 1 Atlassian 1 Jira 2024-02-28 3.5 LOW 4.8 MEDIUM
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
CVE-2017-8058 1 Atlassian 1 Hipchat 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
CVE-2016-4320 1 Atlassian 1 Bitbucket 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.
CVE-2017-5983 1 Atlassian 1 Jira 2024-02-28 7.5 HIGH 9.8 CRITICAL
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
CVE-2016-4319 1 Atlassian 1 Jira 2024-02-28 6.8 MEDIUM 8.8 HIGH
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
CVE-2017-8768 1 Atlassian 1 Sourcetree 2024-02-28 10.0 HIGH 9.8 CRITICAL
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632.
CVE-2016-6283 1 Atlassian 1 Confluence 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
CVE-2016-6285 1 Atlassian 1 Jira 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
CVE-2016-5229 1 Atlassian 1 Bamboo 2024-02-28 7.5 HIGH 9.8 CRITICAL
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.