Monthly Archive: October 2019

CVE-2019-18422

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in...

CVE-2019-18421

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable...

CVE-2019-18420

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format...

CVE-2019-18396

An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to...

CVE-2019-18369

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
Date published: 2019-10-31 (JetBrains Security Bulletin Q3 2019)

CVE-2019-18368

In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
Date published: 2019-10-31 (JetBrains Security Bulletin Q3 2019)

CVE-2019-18367

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
Date published: 2019-10-31 (JetBrains Security Bulletin Q3 2019)

CVE-2019-18366

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
Date published: 2019-10-31 (JetBrains Security Bulletin Q3 2019)

CVE-2019-18365

In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
Date published: 2019-10-31 (JetBrains Security Bulletin Q3 2019)

CVE-2019-18364

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
Date published: 2019-10-31 (JetBrains Security Bulletin Q3 2019)

CVE-2019-18363

In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
Date published: 2019-10-31 (JetBrains Security Bulletin Q3 2019)

CVE-2019-18362

JetBrains MPS before 2019.2.2 exposed listening ports to the network.
Date published: 2019-10-31 (JetBrains Security Bulletin Q3 2019)

CVE-2019-18361

JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution.
Date published: 2019-10-31 (JetBrains Security Bulletin Q3 2019)

CVE-2019-18360

In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
Date published: 2019-10-31 (JetBrains Security Bulletin Q3 2019)