Filtered by vendor Jetbrains
Total: 359 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-27623 | 1 Jetbrains | 1 Ideavim | 2020-11-30 | 7.5 High |
JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. | ||||
CVE-2020-27622 | 1 Jetbrains | 1 Intellij Idea | 2020-11-23 | 5.3 Medium |
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. | ||||
CVE-2020-27628 | 1 Jetbrains | 1 Teamcity | 2020-11-23 | 4.3 Medium |
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. | ||||
CVE-2020-25207 | 1 Jetbrains | 1 Toolbox | 2020-11-21 | 9.8 Critical |
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. | ||||
CVE-2020-25013 | 1 Jetbrains | 1 Toolbox | 2020-11-21 | 7.5 High |
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. | ||||
CVE-2020-27625 | 1 Jetbrains | 1 Youtrack | 2020-11-21 | 5.3 Medium |
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. | ||||
CVE-2020-27624 | 1 Jetbrains | 1 Youtrack | 2020-11-21 | 5.3 Medium |
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. | ||||
CVE-2020-27626 | 1 Jetbrains | 1 Youtrack | 2020-11-21 | 5.3 Medium |
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. | ||||
CVE-2020-15822 | 1 Jetbrains | 1 Youtrack | 2020-10-22 | 7.3 High |
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. | ||||
CVE-2019-12866 | 1 Jetbrains | 1 Youtrack | 2020-08-24 | N/A |
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | ||||
CVE-2019-12867 | 1 Jetbrains | 1 Youtrack | 2020-08-24 | N/A |
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | ||||
CVE-2019-19389 | 1 Jetbrains | 1 Ktor | 2020-08-24 | 5.4 Medium |
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. | ||||
CVE-2019-12844 | 1 Jetbrains | 1 Teamcity | 2020-08-24 | N/A |
A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3. | ||||
CVE-2019-14958 | 1 Jetbrains | 1 Pycharm | 2020-08-24 | 7.5 High |
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation. | ||||
CVE-2019-12843 | 1 Jetbrains | 1 Teamcity | 2020-08-24 | N/A |
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3. | ||||
CVE-2019-12736 | 1 Jetbrains | 1 Ktor | 2020-08-24 | 9.8 Critical |
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. | ||||
CVE-2019-15038 | 1 Jetbrains | 1 Teamcity | 2020-08-24 | 7.5 High |
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1. | ||||
CVE-2019-15039 | 1 Jetbrains | 1 Teamcity | 2020-08-24 | 9.8 Critical |
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1. | ||||
CVE-2019-9873 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | N/A |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | ||||
CVE-2019-9872 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | N/A |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. |