Attacker Value
Unknown

CVE-2025-23385

Disclosure Date: January 28, 2025 (last updated January 29, 2025)
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, and ETW Host Service before 16.43, local privilege escalation via the ETW Host Service was possible.
Attacker Value
Unknown

CVE-2024-37051

Disclosure Date: June 10, 2024 (last updated June 13, 2024)
A GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and before: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4.
Attacker Value
Unknown

CVE-2024-24939

Disclosure Date: February 06, 2024 (last updated February 09, 2024)
In JetBrains Rider before 2023.3.3, logging of environment variables containing secret values was possible.
Attacker Value
Unknown

CVE-2022-37396

Disclosure Date: August 03, 2022 (last updated October 08, 2023)
In JetBrains Rider before 2022.2, the Trust and Open Project dialog could be bypassed, leading to local code execution.
Attacker Value
Unknown

CVE-2014-125001

Disclosure Date: May 24, 2022 (last updated October 07, 2023)
A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.
Attacker Value
Unknown

CVE-2020-10257

Disclosure Date: March 10, 2020 (last updated February 21, 2025)
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing PHP functions to be executed by any user, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter.
Attacker Value
Unknown

CVE-2020-7906

Disclosure Date: January 30, 2020 (last updated February 21, 2025)
In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.
Attacker Value
Unknown

CVE-2019-14960

Disclosure Date: October 01, 2019 (last updated November 27, 2024)
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.
Attacker Value
Unknown

CVE-2016-10611

Disclosure Date: May 29, 2018 (last updated November 26, 2024)
strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker-controlled zip file if the attacker is on the network or positioned between the user and the remote server.
Attacker Value
Unknown

CVE-2006-0440

Disclosure Date: January 26, 2006 (last updated February 22, 2025)
Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.