Vulnerabilities > Jetbrains > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-11-09 CVE-2021-43193 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
network
low complexity
jetbrains
critical
 9.8
9.8
2021-11-09 CVE-2021-43200 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
network
low complexity
jetbrains
critical
 9.8
9.8
2021-08-06 CVE-2021-36209 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
network
low complexity
jetbrains CWE-640
critical
 9.8
9.8
2021-08-06 CVE-2021-37544 Deserialization of Untrusted Data vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
network
low complexity
jetbrains CWE-502
critical
 9.8
9.8
2021-08-06 CVE-2021-37549 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.
network
low complexity
jetbrains
critical
 9.1
9.1
2021-05-11 CVE-2021-31897 Unspecified vulnerability in Jetbrains Webstorm
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
network
low complexity
jetbrains
critical
 9.8
9.8
2021-05-11 CVE-2021-31914 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
network
low complexity
jetbrains
critical
 9.8
9.8
2021-05-11 CVE-2021-31915 OS Command Injection vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
network
low complexity
jetbrains CWE-78
critical
 9.8
9.8
2021-05-11 CVE-2021-31909 Argument Injection or Modification vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
network
low complexity
jetbrains CWE-88
critical
 9.8
9.8
2021-02-03 CVE-2021-25770 Code Injection vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
network
low complexity
jetbrains CWE-94
critical
 9.8
9.8