← Back

Jetbrains

jetbrains

564 CVEs • 38 products

Products (38)

Click to collapse
Toggle
Teamcity
teamcity
269 CVEs
Youtrack
youtrack
108 CVEs
Intellij Idea
intellij_idea
62 CVEs
Hub
hub
33 CVEs
Ktor
ktor
21 CVEs
Toolbox
toolbox
11 CVEs
Pycharm
pycharm
9 CVEs
Rider
rider
8 CVEs
Kotlin
kotlin
6 CVEs
Youtrack Mobile
youtrack_mobile
6 CVEs
Upsource
upsource
5 CVEs
Webstorm
webstorm
5 CVEs
Resharper
resharper
4 CVEs
Goland
goland
4 CVEs
Phpstorm
phpstorm
4 CVEs
Rubymine
rubymine
4 CVEs
Space
space
3 CVEs
Code With Me
code_with_me
3 CVEs
Junie
junie
3 CVEs
Mps
mps
2 CVEs
Clion
clion
2 CVEs
Dottrace
dottrace
2 CVEs
Dotpeek
dotpeek
1 CVE
Resharper Ultimate
resharper_ultimate
1 CVE
Youtrack Integration
youtrack_integration
1 CVE
Vim
vim
1 CVE
Idetalk
idetalk
1 CVE
Scala
scala
1 CVE
Ideavim
ideavim
1 CVE
Jetbrains Gateway
jetbrains_gateway
1 CVE
Aqua
aqua
1 CVE
Datagrip
datagrip
1 CVE
Dataspell
dataspell
1 CVE
Rustrover
rustrover
1 CVE
Etw Host Service
etw_host_service
1 CVE
Runtime
runtime
1 CVE
Ide Services
ide_services
1 CVE
Datalore
datalore
1 CVE

CVEs (564)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-5207
1Jetbrains
1Ktor
Nov 21, 2024
Jan 27, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
CVE-2019-18412
1Jetbrains
1Idetalk
Nov 21, 2024
Jan 15, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
JetBrains IDETalk plugin before version 193.4099.10 allows XXE
CVE-2019-19389
1Jetbrains
1Ktor
Nov 21, 2024
Dec 26, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
CVE-2019-19703
1Jetbrains
1Ktor
Nov 21, 2024
Dec 10, 2019
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
CVE-2019-18369
1Jetbrains
1Youtrack
Nov 21, 2024
Oct 31, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
CVE-2019-18368
1Jetbrains
1Toolbox
Nov 21, 2024
Oct 31, 2019
N/A· v4
7.3 HIGH· v3
7.5 HIGH· v2
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
CVE-2019-18367
1Jetbrains
1Teamcity
Nov 21, 2024
Oct 31, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
CVE-2019-18366
1Jetbrains
1Teamcity
Nov 21, 2024
Oct 31, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVE-2019-18365
1Jetbrains
1Teamcity
Nov 21, 2024
Oct 31, 2019
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
CVE-2019-18364
1Jetbrains
1Teamcity
Nov 21, 2024
Oct 31, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
CVE-2019-18363
1Jetbrains
1Teamcity
Nov 21, 2024
Oct 31, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
CVE-2019-18362
1Jetbrains
1Mps
Nov 21, 2024
Oct 31, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
JetBrains MPS before 2019.2.2 exposed listening ports to the network.
CVE-2019-18361
1Jetbrains
1Intellij Idea
Nov 21, 2024
Oct 31, 2019
N/A· v4
5.3 MEDIUM· v3
4.6 MEDIUM· v2
JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution.
CVE-2019-18360
1Jetbrains
1Hub
Nov 21, 2024
Oct 31, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
CVE-2019-16407
1Jetbrains
1Resharper
Nov 21, 2024
Oct 2, 2019
N/A· v4
7.3 HIGH· v3
4.4 MEDIUM· v2
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
CVE-2019-16171
1Jetbrains
1Youtrack
Nov 21, 2024
Oct 2, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
CVE-2019-15040
1Jetbrains
1Youtrack
Nov 21, 2024
Oct 2, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
CVE-2019-15037
1Jetbrains
1Teamcity
Nov 21, 2024
Oct 2, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.
CVE-2019-15036
1Jetbrains
1Teamcity
Nov 21, 2024
Oct 2, 2019
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
CVE-2019-14959
1Jetbrains
1Toolbox
Nov 21, 2024
Oct 2, 2019
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.