Filtered by vendor Jetbrains
Subscriptions
Total
453 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10102 | 1 Jetbrains | 2 Kotlin, Ktor | 2024-11-21 | N/A |
| JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. | ||||
| CVE-2019-10101 | 1 Jetbrains | 1 Kotlin | 2024-11-21 | 8.1 High |
| JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | ||||
| CVE-2019-10100 | 1 Jetbrains | 1 Youtrack Integration | 2024-11-21 | N/A |
| In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely. | ||||
| CVE-2018-14878 | 1 Jetbrains | 2 Dotpeek, Resharper Ultimate | 2024-11-21 | N/A |
| JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. | ||||
| CVE-2017-8316 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | N/A |
| IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | ||||
| CVE-2014-10036 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. | ||||
| CVE-2014-10002 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2024-49579 | 1 Jetbrains | 1 Youtrack | 2024-11-14 | 8.1 High |
| In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | ||||
| CVE-2024-50575 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | 4.6 Medium |
| In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API | ||||
| CVE-2024-50576 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | 4.6 Medium |
| In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest | ||||
| CVE-2024-50577 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | 4.6 Medium |
| In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings | ||||
| CVE-2024-50578 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | 4.6 Medium |
| In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page | ||||
| CVE-2024-50579 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | 4.6 Medium |
| In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible | ||||
| CVE-2024-50580 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | 4.6 Medium |
| In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule | ||||
| CVE-2024-50581 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | 4.6 Medium |
| In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag | ||||
| CVE-2024-50582 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | 4.6 Medium |
| In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements | ||||
| CVE-2024-50574 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | 5.3 Medium |
| In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality | ||||
| CVE-2024-50573 | 1 Jetbrains | 1 Hub | 2024-10-29 | 4.3 Medium |
| In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services | ||||
| CVE-2024-48902 | 1 Jetbrains | 1 Youtrack | 2024-10-16 | 5.4 Medium |
| In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API | ||||
| CVE-2024-47951 | 1 Jetbrains | 1 Teamcity | 2024-10-11 | 3.5 Low |
| In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings | ||||