Filtered by vendor Jetbrains
Subscribe
Total
396 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-45977 | 1 Jetbrains | 7 Clion, Goland, Intellij Idea and 4 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1. | |||||
CVE-2022-29929 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible | |||||
CVE-2022-29813 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible | |||||
CVE-2022-29821 | 1 Jetbrains | 1 Pycharm | 2024-02-28 | 4.4 MEDIUM | 7.7 HIGH |
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible | |||||
CVE-2022-24328 | 1 Jetbrains | 1 Hub | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | |||||
CVE-2022-28649 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description | |||||
CVE-2022-34894 | 1 Jetbrains | 1 Hub | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | |||||
CVE-2022-25260 | 1 Jetbrains | 1 Hub | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | |||||
CVE-2022-24336 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. | |||||
CVE-2022-29928 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible | |||||
CVE-2022-29817 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible | |||||
CVE-2022-25261 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. | |||||
CVE-2022-29035 | 1 Jetbrains | 1 Ktor | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations | |||||
CVE-2022-28650 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI | |||||
CVE-2022-24344 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. | |||||
CVE-2022-24340 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. | |||||
CVE-2022-25263 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | |||||
CVE-2022-29812 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | 2.1 LOW | 2.3 LOW |
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient | |||||
CVE-2022-24346 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. | |||||
CVE-2022-25259 | 1 Jetbrains | 1 Hub | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. |