| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. |
| In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. |
| In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. |
| In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. |
| In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. |
| In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. |
| In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. |
| In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. |
| In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. |
| In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. |
| In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. |
| In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. |
| In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. |
| In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. |
| In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group. |
| In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host. |
| In JetBrains Code With Me bundled to the compatible IDEs before version 2021.1, the client could execute code in read-only mode. |
| In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. |
| In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects. |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software. |