Filtered by vendor Jetbrains
Subscribe
Total
358 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14956 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. | |||||
CVE-2020-7910 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. | |||||
CVE-2019-15035 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. | |||||
CVE-2020-7905 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. | |||||
CVE-2019-18369 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. | |||||
CVE-2019-14958 | 1 Jetbrains | 1 Pycharm | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation. | |||||
CVE-2019-12736 | 1 Jetbrains | 1 Ktor | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. | |||||
CVE-2019-18366 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. | |||||
CVE-2019-14957 | 1 Jetbrains | 1 Vim | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository. | |||||
CVE-2019-15039 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1. | |||||
CVE-2020-5207 | 1 Jetbrains | 1 Ktor | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator. | |||||
CVE-2019-18365 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. | |||||
CVE-2019-12867 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | |||||
CVE-2019-9823 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. | |||||
CVE-2019-12842 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. | |||||
CVE-2019-10100 | 1 Jetbrains | 1 Youtrack Integration | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely. | |||||
CVE-2019-10103 | 1 Jetbrains | 1 Kotlin | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101. | |||||
CVE-2019-12846 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. | |||||
CVE-2019-12851 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852. | |||||
CVE-2019-12850 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. |