Vulnerabilities (CVE)

Filtered by vendor Jetbrains Subscribe
Total 396 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11691 1 Jetbrains 1 Hub 2024-02-28 5.0 MEDIUM 7.5 HIGH
In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.
CVE-2019-14958 1 Jetbrains 1 Pycharm 2024-02-28 5.0 MEDIUM 7.5 HIGH
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation.
CVE-2020-7914 1 Jetbrains 1 Intellij Idea 2024-02-28 5.0 MEDIUM 7.5 HIGH
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.
CVE-2019-18363 1 Jetbrains 1 Teamcity 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
CVE-2019-18365 1 Jetbrains 1 Teamcity 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
CVE-2020-7913 1 Jetbrains 1 Youtrack 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.
CVE-2020-7906 1 Jetbrains 1 Rider 2024-02-28 5.0 MEDIUM 7.5 HIGH
In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.
CVE-2019-15038 1 Jetbrains 1 Teamcity 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
CVE-2019-15039 1 Jetbrains 1 Teamcity 2024-02-28 6.8 MEDIUM 9.8 CRITICAL
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
CVE-2019-12156 1 Jetbrains 1 Upsource 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.
CVE-2020-7908 1 Jetbrains 1 Teamcity 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
CVE-2019-18361 1 Jetbrains 1 Intellij Idea 2024-02-28 4.6 MEDIUM 5.3 MEDIUM
JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution.
CVE-2019-19389 1 Jetbrains 1 Ktor 2024-02-28 3.5 LOW 5.4 MEDIUM
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
CVE-2019-19703 1 Jetbrains 1 Ktor 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
CVE-2019-15041 1 Jetbrains 1 Youtrack 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
CVE-2019-15042 1 Jetbrains 1 Teamcity 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
CVE-2019-14957 1 Jetbrains 1 Vim 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository.
CVE-2019-18412 1 Jetbrains 1 Idetalk 2024-02-28 5.0 MEDIUM 7.5 HIGH
JetBrains IDETalk plugin before version 193.4099.10 allows XXE
CVE-2019-14961 1 Jetbrains 1 Upsource 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS.
CVE-2019-18364 1 Jetbrains 1 Teamcity 2024-02-28 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.