Jetbrains

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-14958 1Jetbrains 1Pycharm Nov 21, 2024 Oct 2, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrol...Show more JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation.Show less
CVE-2019-14956 1Jetbrains 1Youtrack Nov 21, 2024 Oct 2, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
CVE-2019-12737 1Jetbrains 1Ktor Nov 21, 2024 Oct 2, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
CVE-2019-12736 1Jetbrains 1Ktor Nov 21, 2024 Oct 2, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
CVE-2019-12157 1Jetbrains 2Teamcity Upsource Nov 21, 2024 Oct 2, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
CVE-2019-12156 1Jetbrains 1Upsource Nov 21, 2024 Oct 2, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.
CVE-2019-15041 1Jetbrains 1Youtrack Nov 21, 2024 Oct 1, 2019 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
CVE-2019-15035 1Jetbrains 1Teamcity Nov 21, 2024 Oct 1, 2019 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
CVE-2019-15042 1Jetbrains 1Teamcity Nov 21, 2024 Oct 1, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
CVE-2019-14961 1Jetbrains 1Upsource Nov 21, 2024 Oct 1, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS.
CVE-2019-15038 1Jetbrains 1Teamcity Nov 21, 2024 Oct 1, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
CVE-2019-14960 1Jetbrains 1Rider Nov 21, 2024 Oct 1, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.
CVE-2019-14957 1Jetbrains 1Vim Nov 21, 2024 Oct 1, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository.
CVE-2019-14955 1Jetbrains 1Hub Nov 21, 2024 Oct 1, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.
CVE-2019-14953 1Jetbrains 1Youtrack Nov 21, 2024 Oct 1, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.
CVE-2019-15039 1Jetbrains 1Teamcity Nov 21, 2024 Oct 1, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
CVE-2019-14954 1Jetbrains 1Intellij Idea Nov 21, 2024 Oct 1, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection.
CVE-2019-14952 1Jetbrains 1Youtrack Nov 21, 2024 Oct 1, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.
CVE-2019-15848 1Jetbrains 1Teamcity Nov 21, 2024 Sep 5, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
CVE-2019-12852 1Jetbrains 1Youtrack Nov 21, 2024 Jul 3, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.

Previous 1...25 262728 29 Next