Filtered by vendor Atlassian
Subscribe
Total
413 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5229 | 1 Atlassian | 1 Bamboo | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | |||||
| CVE-2015-8361 | 1 Atlassian | 1 Bamboo | 2018-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port. | |||||
| CVE-2015-8399 | 1 Atlassian | 1 Confluence | 2018-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. | |||||
| CVE-2015-8360 | 1 Atlassian | 1 Bamboo | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. | |||||
| CVE-2015-8398 | 1 Atlassian | 1 Confluence | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. | |||||
| CVE-2015-5603 | 1 Atlassian | 1 Hipchat | 2018-10-09 | 6.5 MEDIUM | N/A |
| The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability." | |||||
| CVE-2014-9757 | 1 Atlassian | 1 Bamboo | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message. | |||||
| CVE-2017-18103 | 1 Atlassian | 1 Http Library | 2018-09-14 | 4.3 MEDIUM | 4.7 MEDIUM |
| The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml. | |||||
| CVE-2018-5229 | 1 Atlassian | 1 Universal Plugin Manager | 2018-09-12 | 3.5 LOW | 5.4 MEDIUM |
| The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names. | |||||
| CVE-2018-1000617 | 1 Atlassian | 1 Floodlight Controller | 2018-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack). | |||||
| CVE-2018-13389 | 1 Atlassian | 1 Confluence | 2018-09-07 | 4.3 MEDIUM | 4.7 MEDIUM |
| The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml. | |||||
| CVE-2018-13388 | 1 Atlassian | 2 Crucible, Fisheye | 2018-09-04 | 3.5 LOW | 5.4 MEDIUM |
| The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files. | |||||
| CVE-2017-16859 | 1 Atlassian | 2 Crucible, Fisheye | 2018-08-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter. | |||||
| CVE-2017-16860 | 1 Atlassian | 1 Application Links | 2018-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message. | |||||
| CVE-2018-5228 | 1 Atlassian | 2 Crucible, Fisheye | 2018-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers. | |||||
| CVE-2018-5227 | 1 Atlassian | 1 Application Links | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link. | |||||
| CVE-2017-18100 | 1 Atlassian | 1 Jira | 2018-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters. | |||||
| CVE-2017-18096 | 1 Atlassian | 1 Application Links | 2018-05-10 | 4.0 MEDIUM | 7.2 HIGH |
| The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information. | |||||
| CVE-2017-18097 | 1 Atlassian | 1 Jira | 2018-05-09 | 3.5 LOW | 5.4 MEDIUM |
| The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card. | |||||
| CVE-2017-18098 | 1 Atlassian | 1 Jira | 2018-05-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields. | |||||