Jetbrains

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-37547 1Jetbrains 1Teamcity Nov 21, 2024 Aug 6, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
CVE-2021-37546 1Jetbrains 1Teamcity Nov 21, 2024 Aug 6, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
CVE-2021-37545 1Jetbrains 1Teamcity Nov 21, 2024 Aug 6, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
CVE-2021-37544 1Jetbrains 1Teamcity Nov 21, 2024 Aug 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
CVE-2021-37543 1Jetbrains 1Rubymine Nov 21, 2024 Aug 6, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects.
CVE-2021-37542 1Jetbrains 1Teamcity Nov 21, 2024 Aug 6, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In JetBrains TeamCity before 2020.2.3, XSS was possible.
CVE-2021-37541 1Jetbrains 1Hub Nov 21, 2024 Aug 6, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
CVE-2021-37540 1Jetbrains 1Hub Nov 21, 2024 Aug 6, 2021 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
CVE-2021-36209 1Jetbrains 1Hub Nov 21, 2024 Aug 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
CVE-2021-31915 1Jetbrains 1Teamcity Nov 21, 2024 May 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
CVE-2021-31914 1Jetbrains 1Teamcity Nov 21, 2024 May 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
CVE-2021-31913 1Jetbrains 1Teamcity Nov 21, 2024 May 11, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
CVE-2021-31912 1Jetbrains 1Teamcity Nov 21, 2024 May 11, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
CVE-2021-31911 1Jetbrains 1Teamcity Nov 21, 2024 May 11, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
CVE-2021-31910 1Jetbrains 1Teamcity Nov 21, 2024 May 11, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
CVE-2021-31898 1Jetbrains 1Webstorm Nov 21, 2024 May 11, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.
CVE-2021-31897 1Jetbrains 1Webstorm Nov 21, 2024 May 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
CVE-2021-30482 1Jetbrains 1Upsource Nov 21, 2024 May 11, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly
CVE-2021-3315 1Jetbrains 1Teamcity Nov 21, 2024 May 11, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
CVE-2021-31909 1Jetbrains 1Teamcity Nov 21, 2024 May 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

Previous 1...192021...29 Next