Filtered by vendor Jetbrains
Subscribe
Total
484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-24942 | 1 Jetbrains | 1 Teamcity | 2024-02-09 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives | |||||
| CVE-2024-24943 | 1 Jetbrains | 1 Toolbox | 2024-02-09 | N/A | 5.5 MEDIUM |
| In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image | |||||
| CVE-2024-22370 | 1 Jetbrains | 1 Youtrack | 2024-01-12 | N/A | 5.4 MEDIUM |
| In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible | |||||
| CVE-2023-51655 | 1 Jetbrains | 1 Intellij Idea | 2023-12-29 | N/A | 9.8 CRITICAL |
| In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration | |||||
| CVE-2023-50871 | 1 Jetbrains | 1 Youtrack | 2023-12-19 | N/A | 4.3 MEDIUM |
| In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed | |||||
| CVE-2023-50870 | 1 Jetbrains | 1 Teamcity | 2023-12-19 | N/A | 8.8 HIGH |
| In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible | |||||
| CVE-2022-48429 | 1 Jetbrains | 1 Hub | 2023-11-07 | N/A | 5.4 MEDIUM |
| In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible | |||||
| CVE-2020-29582 | 2 Jetbrains, Oracle | 4 Kotlin, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 1 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. | |||||
| CVE-2020-15824 | 2 Jetbrains, Oracle | 3 Kotlin, Banking Extensibility Workbench, Communications Cloud Native Core Policy | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. | |||||
| CVE-2017-8316 | 1 Jetbrains | 1 Intellij Idea | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | |||||
| CVE-2023-45613 | 1 Jetbrains | 1 Ktor | 2023-10-12 | N/A | 9.1 CRITICAL |
| In JetBrains Ktor before 2.3.5 server certificates were not verified | |||||
| CVE-2023-45612 | 1 Jetbrains | 1 Ktor | 2023-10-12 | N/A | 9.8 CRITICAL |
| In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE | |||||
| CVE-2023-41248 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration | |||||
| CVE-2023-41250 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration | |||||
| CVE-2023-41249 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step | |||||
| CVE-2019-10101 | 1 Jetbrains | 1 Kotlin | 2023-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | |||||
| CVE-2019-10102 | 1 Jetbrains | 2 Kotlin, Ktor | 2023-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. | |||||
| CVE-2019-10103 | 1 Jetbrains | 1 Kotlin | 2023-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101. | |||||
| CVE-2022-24336 | 1 Jetbrains | 1 Teamcity | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. | |||||
| CVE-2022-24442 | 1 Jetbrains | 1 Youtrack | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | |||||