ReportizFlow
Filtered by vendor Jetbrains
Subscriptions
Total
424 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12844 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3. | ||||
| CVE-2019-12843 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3. | ||||
| CVE-2019-12842 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. | ||||
| CVE-2019-12841 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2. | ||||
| CVE-2019-12737 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 5.3 Medium |
| UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. | ||||
| CVE-2019-12736 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 9.8 Critical |
| JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. | ||||
| CVE-2019-12157 | 1 Jetbrains | 2 Teamcity, Upsource | 2024-11-21 | 9.8 Critical |
| In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. | ||||
| CVE-2019-12156 | 1 Jetbrains | 1 Upsource | 2024-11-21 | 5.3 Medium |
| Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293. | ||||
| CVE-2019-10104 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | N/A |
| In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | ||||
| CVE-2019-10103 | 1 Jetbrains | 1 Kotlin | 2024-11-21 | N/A |
| JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101. | ||||
| CVE-2019-10102 | 1 Jetbrains | 2 Kotlin, Ktor | 2024-11-21 | N/A |
| JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. | ||||
| CVE-2019-10101 | 1 Jetbrains | 1 Kotlin | 2024-11-21 | 8.1 High |
| JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | ||||
| CVE-2019-10100 | 1 Jetbrains | 1 Youtrack Integration | 2024-11-21 | N/A |
| In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely. | ||||
| CVE-2018-14878 | 1 Jetbrains | 2 Dotpeek, Resharper Ultimate | 2024-11-21 | N/A |
| JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. | ||||
| CVE-2017-8316 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | N/A |
| IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | ||||
| CVE-2014-10036 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. | ||||
| CVE-2014-10002 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2024-52555 | 1 Jetbrains | 1 Webstorm | 2024-11-18 | 6.3 Medium |
| In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script | ||||
| CVE-2024-49579 | 1 Jetbrains | 1 Youtrack | 2024-11-14 | 8.1 High |
| In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | ||||
| CVE-2024-50575 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | 4.6 Medium |
| In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API | ||||