Filtered by vendor Atlassian
Subscribe
Total
433 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4317 | 1 Atlassian | 1 Confluence | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. | |||||
CVE-2016-6496 | 1 Atlassian | 1 Crowd | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. | |||||
CVE-2017-8080 | 1 Atlassian | 1 Hipchat Server | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | |||||
CVE-2016-6668 | 1 Atlassian | 2 Confluence Server, Jira Integration For Hipchat | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. | |||||
CVE-2016-4318 | 1 Atlassian | 1 Jira | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | |||||
CVE-2017-8058 | 1 Atlassian | 1 Hipchat | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | |||||
CVE-2016-4320 | 1 Atlassian | 1 Bitbucket | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | |||||
CVE-2017-5983 | 1 Atlassian | 1 Jira | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. | |||||
CVE-2016-4319 | 1 Atlassian | 1 Jira | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | |||||
CVE-2017-8768 | 1 Atlassian | 1 Sourcetree | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632. | |||||
CVE-2016-6283 | 1 Atlassian | 1 Confluence | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. | |||||
CVE-2016-6285 | 1 Atlassian | 1 Jira | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | |||||
CVE-2016-5229 | 1 Atlassian | 1 Bamboo | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. |