Filtered by vendor Atlassian
Subscriptions
Total
438 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6283 | 1 Atlassian | 1 Confluence | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. | ||||
| CVE-2016-5229 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | ||||
| CVE-2016-4320 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | N/A |
| Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | ||||
| CVE-2016-4319 | 1 Atlassian | 1 Jira | 2024-11-21 | N/A |
| Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | ||||
| CVE-2016-4318 | 1 Atlassian | 1 Jira | 2024-11-21 | N/A |
| Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | ||||
| CVE-2016-4317 | 1 Atlassian | 1 Confluence | 2024-11-21 | N/A |
| Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. | ||||
| CVE-2016-10740 | 1 Atlassian | 1 Crowd | 2024-11-21 | N/A |
| Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources. | ||||
| CVE-2015-8481 | 1 Atlassian | 3 Jira Core, Jira Server, Jira Service Desk | 2024-11-21 | N/A |
| Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference. | ||||
| CVE-2015-8399 | 1 Atlassian | 1 Confluence | 2024-11-21 | N/A |
| Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. | ||||
| CVE-2015-8398 | 1 Atlassian | 1 Confluence | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. | ||||
| CVE-2015-8361 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port. | ||||
| CVE-2015-8360 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. | ||||
| CVE-2015-6576 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. | ||||
| CVE-2015-6569 | 1 Atlassian | 1 Floodlight | 2024-11-21 | N/A |
| Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack. | ||||
| CVE-2015-5603 | 1 Atlassian | 1 Hipchat | 2024-11-21 | N/A |
| The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability." | ||||
| CVE-2014-9757 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message. | ||||
| CVE-2014-2314 | 2 Atlassian, Microsoft | 2 Jira, Windows | 2024-11-21 | N/A |
| Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. | ||||
| CVE-2014-2313 | 2 Atlassian, Microsoft | 2 Jira, Windows | 2024-11-21 | N/A |
| Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. | ||||
| CVE-2013-5319 | 1 Atlassian | 1 Jira | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa. | ||||
| CVE-2013-3926 | 1 Atlassian | 1 Crowd | 2024-11-21 | N/A |
| Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, the vendor could not reproduce the issue, stating "We've been unable to substantiate the existence of [CVE-2013-3926]. The author of the article has not contacted Atlassian and has provided no detail, making it difficult to validate the claim... If we can confirm that there is a vulnerability, a patch will be issued. | ||||