| CVE | Vendors | Products | Updated | CVSS v3.1 |
| In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible |
| In JetBrains IntelliJ IDEA before 2026.1 XXE in the UI Designer form parser was possible |
| In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible |
| In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas |
| In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible |
| In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings |
| In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests |
| In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names |
| In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters |
| In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts |
| In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin |
| In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin |
| In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible |
| In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages |
| In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible |
| In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account |
| In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion |
| vim is vulnerable to Heap-based Buffer Overflow |
| In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on node footer in {read,write}_end_io
-----------[ cut here ]------------
kernel BUG at fs/f2fs/data.c:358!
Call Trace:
<IRQ>
blk_update_request+0x5eb/0xe70 block/blk-mq.c:987
blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149
blk_complete_reqs block/blk-mq.c:1224 [inline]
blk_done_softirq+0x107/0x160 block/blk-mq.c:1229
handle_softirqs+0x283/0x870 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
</IRQ>
f2fs_write_end_io() detects an inconsistency between the
node page index (nid) and footer.nid of the node page.
If the footer of a node page is corrupted in a fuzzed image, then we load the corrupted
node page with an async method, e.g. f2fs_ra_node_pages() or f2fs_ra_node_page(),
where we don't do a sanity check on the node footer; once the node page becomes
dirty, we will encounter this bug after node page writeback. |
| In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix unprivileged local user can do privileged policy management
An unprivileged local user can load, replace, and remove profiles by
opening the apparmorfs interfaces, via a confused deputy attack, by
passing the opened fd to a privileged process, and getting the
privileged process to write to the interface.
This does require a privileged target that can be manipulated to do
the write for the unprivileged process, but once such access is
achieved full policy management is possible and all the possible
implications that implies: removing confinement, DoS of system or
target applications by denying all execution, by-passing the
unprivileged user namespace restriction, to exploiting kernel bugs for
a local privilege escalation.
The policy management interface can not have its permissions simply
changed from 0666 to 0600 because non-root processes need to be able
to load policy to different policy namespaces.
Instead ensure the task writing the interface has privileges that
are a subset of the task that opened the interface. This is already
done via policy for confined processes, but unconfined can delegate
access to the opened fd, by-passing the usual policy check. |