CVE-2020-27628
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
Source: CVE-2020-27628
CVE-2020-25210
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
Source: CVE-2020-25210
CVE-2020-24366
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.
Source: CVE-2020-24366
CVE-2020-27459
Chronoforeum 2.0.11 allows stored XSS when a crafted payload is inserted into a post. If any user views the post, the inserted XSS code is executed.
Source: CVE-2020-27459
CVE-2020-25013
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
Source: CVE-2020-25013
CVE-2020-25207
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
Source: CVE-2020-25207
CVE-2020-25209
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
Source: CVE-2020-25209
CVE-2020-7765
This affects the package @firebase/util before 0.3.4.
The vulnerability is in the deepExtend function in the DeepCopy.ts file. If user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Source: CVE-2020-7765
CVE-2020-7773
This affects the package markdown-it-highlightjs before 3.3.1.
It is possible to insert malicious JavaScript as the value of lang in the markdown-it-highlightjs inline code highlighting feature.
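// Render inline code with the highlightjs plugin's inline mode enabled;
// the text after "{." is taken as the lang value.
const markdownItHighlightjs = require("markdown-it-highlightjs");
const md = require("markdown-it");
const result_xss = md()
  .use(markdownItHighlightjs, { inline: true })
  .render('console.log(42){.">js}');
// Print the generated HTML to inspect how the lang value was emitted.
console.log(result_xss);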
Source: CVE-2020-7773