Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Jetbrains
Angry Yack Logo
Total 537 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24343 1 Jetbrains 1 Youtrack 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
CVE-2022-24342 1 Jetbrains 1 Teamcity 2024-11-21 6.8 MEDIUM 8.8 HIGH
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
CVE-2022-24341 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
CVE-2022-24340 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
CVE-2022-24339 1 Jetbrains 1 Teamcity 2024-11-21 3.5 LOW 5.4 MEDIUM
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
CVE-2022-24338 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
CVE-2022-24337 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
CVE-2022-24336 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
CVE-2022-24335 1 Jetbrains 1 Teamcity 2024-11-21 6.8 MEDIUM 8.1 HIGH
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
CVE-2022-24334 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
CVE-2022-24333 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
CVE-2022-24332 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
CVE-2022-24331 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
CVE-2022-24330 1 Jetbrains 1 Teamcity 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
CVE-2022-24329 2 Jetbrains, Oracle 3 Kotlin, Communications Cloud Native Core Binding Support Function, Communications Pricing Design Center 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
CVE-2022-24328 1 Jetbrains 1 Hub 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.
CVE-2022-24327 1 Jetbrains 1 Hub 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
CVE-2021-45977 1 Jetbrains 7 Clion, Goland, Intellij Idea and 4 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 20 ...

Show More
CVE-2021-43203 1 Jetbrains 1 Ktor 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
CVE-2021-43202 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
CVE-2021-43201 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
CVE-2021-43200 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
CVE-2021-43199 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
CVE-2021-43198 1 Jetbrains 1 Teamcity 2024-11-21 3.5 LOW 5.4 MEDIUM
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
CVE-2021-43197 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
CVE-2021-43196 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
CVE-2021-43195 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
CVE-2021-43194 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
CVE-2021-43193 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
CVE-2021-43192 2 Apple, Jetbrains 2 Iphone Os, Youtrack Mobile 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible.
CVE-2021-43191 3 Apple, Google, Jetbrains 3 Iphone Os, Android, Youtrack Mobile 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS.
CVE-2021-43190 2 Google, Jetbrains 2 Android, Youtrack Mobile 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible.
CVE-2021-43189 2 Google, Jetbrains 2 Android, Youtrack Mobile 2024-11-21 7.5 HIGH 7.3 HIGH
In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete.
CVE-2021-43188 2 Apple, Jetbrains 2 Iphone Os, Youtrack Mobile 2024-11-21 7.5 HIGH 7.3 HIGH
In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete.
CVE-2021-43187 2 Apple, Jetbrains 2 Iphone Os, Youtrack Mobile 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information.
CVE-2021-43186 1 Jetbrains 1 Youtrack 2024-11-21 3.5 LOW 5.4 MEDIUM
JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.
CVE-2021-43185 1 Jetbrains 1 Youtrack 2024-11-21 7.5 HIGH 9.8 CRITICAL
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
CVE-2021-43184 1 Jetbrains 1 Youtrack 2024-11-21 3.5 LOW 5.4 MEDIUM
In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.
CVE-2021-43183 1 Jetbrains 1 Hub 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
CVE-2021-43182 1 Jetbrains 1 Hub 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.