CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29812
https://notcve.org/view.php?id=CVE-2022-29812
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient En JetBrains IntelliJ IDEA versiones anteriores a 2022.1, los mecanismos de notificación sobre el uso de caracteres de formato de direccionalidad Unicode eran insuficientes • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-176: Improper Handling of Unicode Encoding •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29811
https://notcve.org/view.php?id=CVE-2022-29811
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. En JetBrains Hub versiones anteriores a 2022.1.14638, era posible un ataque de tipo XSS almacenado por medio del icono del proyecto • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29035
https://notcve.org/view.php?id=CVE-2022-29035
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations En JetBrains Ktor Native versiones anteriores a 2.0.0, los valores aleatorios usados para la generación de nonce no usaban implementaciones de SecureRandom • https://github.com/ktorio/ktor/pull/2776 https://www.jetbrains.com/privacy-security/issues-fixed • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28651
https://notcve.org/view.php?id=CVE-2022-28651
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields En JetBrains IntelliJ IDEA versiones anteriores a 2021.3.3, era posible conseguir contraseñas de campos protegidos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-522: Insufficiently Protected Credentials •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28650
https://notcve.org/view.php?id=CVE-2022-28650
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI En JetBrains YouTrack versiones anteriores a 2022.1.43700, era posible inyectar JavaScript en Markdown en la UI de YouTrack Classic • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •