The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions

In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection

In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration

In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page

In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab

In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Members allows Stored XSS.This issue affects Team Members: from n/a through 5.3.3.

A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests.