CVE-2021-43186: JetBrains Security Bulletin Q3 2021 | JetBrains News

JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.

Related news

CVE-2021-43197: JetBrains Security Bulletin Q3 2021 | JetBrains News

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.

CVE-2021-43198: JetBrains Security Bulletin Q3 2021 | JetBrains News

In JetBrains TeamCity before 2021.1.2, stored XSS is possible.

CVE-2021-43193: JetBrains Security Bulletin Q3 2021 | JetBrains News

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.

CVE-2021-43199: JetBrains Security Bulletin Q3 2021 | JetBrains News

In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.

CVE-2021-43200: JetBrains Security Bulletin Q3 2021 | JetBrains News

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.

CVE-2021-43183: JetBrains Security Bulletin Q3 2021 | JetBrains News

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.

CVE-2021-43195: JetBrains Security Bulletin Q3 2021 | JetBrains News

In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.

CVE-2021-43196: JetBrains Security Bulletin Q3 2021 | JetBrains News

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.

CVE-2021-43185: JetBrains Security Bulletin Q3 2021 | JetBrains News

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

CVE-2021-43201: JetBrains Security Bulletin Q3 2021 | JetBrains News

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.

CVE-2021-43191: JetBrains Security Bulletin Q3 2021 | JetBrains News

JetBrains YouTrack Mobile before 2021.2 is missing the security screen on Android and iOS.

CVE-2021-43203: JetBrains Security Bulletin Q3 2021 | JetBrains News

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.

CVE-2021-39875: 2021/CVE-2021-39875.json · master · GitLab.org / cves · GitLab

In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.
