Vulnerabilities > Jetbrains
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-02 | CVE-2019-16171 | Cross-site Scripting vulnerability in Jetbrains Youtrack In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. | 4.3 |
| 2019-10-02 | CVE-2019-15040 | Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Youtrack JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. | 6.8 |
| 2019-10-02 | CVE-2019-15037 | Cross-site Scripting vulnerability in Jetbrains Teamcity 2018.2.4 An issue was discovered in JetBrains TeamCity 2018.2.4. | 4.3 |
| 2019-10-02 | CVE-2019-15036 | OS Command Injection vulnerability in Jetbrains Teamcity 2018.2.4 An issue was discovered in JetBrains TeamCity 2018.2.4. | 9.0 |
| 2019-10-02 | CVE-2019-14959 | Missing Encryption of Sensitive Data vulnerability in Jetbrains Toolbox JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. | 4.3 |
| 2019-10-02 | CVE-2019-14958 | Allocation of Resources Without Limits or Throttling vulnerability in Jetbrains Pycharm JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. | 5.0 |
| 2019-10-02 | CVE-2019-14956 | Improper Preservation of Permissions vulnerability in Jetbrains Youtrack JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. | 4.0 |
| 2019-10-02 | CVE-2019-12737 | Use of Password Hash With Insufficient Computational Effort vulnerability in Jetbrains Ktor UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. | 5.0 |
| 2019-10-02 | CVE-2019-12736 | Command Injection vulnerability in Jetbrains Ktor JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. | 7.5 |
| 2019-10-02 | CVE-2019-12157 | Improper Input Validation vulnerability in Jetbrains Teamcity and Upsource In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. | 10.0 |