CVE-2019-10102
https://notcve.org/view.php?id=CVE-2019-10102
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
• https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019
• https://security.netapp.com/advisory/ntap-20230818-0012
• CWE-319: Cleartext Transmission of Sensitive Information
CVE-2019-10103
https://notcve.org/view.php?id=CVE-2019-10103
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.
• https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019
• https://security.netapp.com/advisory/ntap-20230818-0012
• CWE-311: Missing Encryption of Sensitive Data
CVE-2018-14878
https://notcve.org/view.php?id=CVE-2018-14878
JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.
• https://blog.jetbrains.com/dotnet/2018/08/02/resharper-ultimate-2018-1-4-rider-2018-1-4-released
• https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues
• CWE-502: Deserialization of Untrusted Data
CVE-2017-8316
https://notcve.org/view.php?id=CVE-2017-8316
The IntelliJ IDEA XML parser was found vulnerable to an XML External Entity attack; an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.
• http://git.jetbrains.org/?p=idea/adt-tools-base.git%3Ba=commit%3Bh=a778b2b88515513654e002cd51cbe8eb8226e96b
• https://research.checkpoint.com/parsedroid-targeting-android-development-research-community
• https://youtrack.jetbrains.com/issue/IDEA-175381
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2014-10036
https://notcve.org/view.php?id=CVE-2014-10036
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
• http://confluence.jetbrains.com/display/TCD8/What%27s+New+in+TeamCity+8.1
• http://secunia.com/advisories/57221
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91768
• https://www.netsparker.com/critical-xss-vulnerabilities-in-teamcity
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')