Filtered by vendor Jetbrains
Subscribe
Total
396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3315 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. | |||||
| CVE-2021-37542 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2020.2.3, XSS was possible. | |||||
| CVE-2021-30006 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure. | |||||
| CVE-2021-31898 | 1 Jetbrains | 1 Webstorm | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. | |||||
| CVE-2021-31905 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. | |||||
| CVE-2021-31897 | 1 Jetbrains | 1 Webstorm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects. | |||||
| CVE-2021-37552 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. | |||||
| CVE-2021-31907 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. | |||||
| CVE-2021-37541 | 1 Jetbrains | 1 Hub | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. | |||||
| CVE-2021-25772 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration. | |||||
| CVE-2020-25210 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. | |||||
| CVE-2021-25765 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. | |||||
| CVE-2020-27628 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. | |||||
| CVE-2020-27627 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. | |||||
| CVE-2020-35667 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials. | |||||
| CVE-2021-25755 | 1 Jetbrains | 1 Code With Me | 2024-02-28 | 1.9 LOW | 2.5 LOW |
| In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic. | |||||
| CVE-2021-25773 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. | |||||
| CVE-2020-29582 | 2 Jetbrains, Oracle | 4 Kotlin, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 1 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. | |||||
| CVE-2020-27629 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. | |||||
| CVE-2021-25758 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution. | |||||