Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-31211

CVE-2021-31214

Windows Media Foundation Core Remote Code Execution Vulnerability

CVE-2021-31192

Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2021-31181

Hyper-V Remote Code Execution Vulnerability

CVE-2021-28476

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31195.

CVE-2021-31198

In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS.

JetBrains News Security

**JetBrains Security Bulletin Q1 2021**

In the first quarter of 2021, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved.

**Product**

**Description**

**Severity**

**Resolved in**

**CVE/CWE**

Code With Me

A client could execute code in read-only mode (CWM-1235)

Medium

Compatible IDEs 2021.1 version

CVE-2021-31899

Code With Me

A client could open a browser on the host (CWM-1769)

Low

Compatible IDEs 2021.1 version

CVE-2021-31900

Exception Analyzer

No throttling on the Exception Analyzer login page. Reported by Ashhad Ali (EXA-760)

Low

Not applicable

Not applicable

IntelliJ IDEA

XXE in License server functionality. Reported by Reef Spektor (IDEA-260143)

High

2020.3.3

CVE-2021-30006

IntelliJ IDEA

Code execution without user confirmation was possible for untrusted projects (IDEA-260911, IDEA-260912, IDEA-260913, IDEA-261846, IDEA-261851, IDEA-262917, IDEA-263981, IDEA-264782)

Medium

2020.3.3

CVE-2021-29263

IntelliJ IDEA

Possible DoS. Reported by Arun Malik (IDEA-261832)

Medium

2021.1

CVE-2021-30504

JetBrains Academy

Potential takeover of a future account with a known email address. Reported by Vansh Devgan (JBA-110)

Low

Not applicable

Not applicable

JetBrains Account

Sensitive account URLs were shared with third parties. Reported by Vikram Naidu (JPF-11338)

High

2021.02

Not applicable

JetBrains Websites

Reflected XSS at blog.jetbrains.com. Reported by Peter Af Geijerstam and Jai Kumar (JS-14554, JS-14562)

Low

Not applicable

Not applicable

Hub

Two-factor authentication wasn’t enabled properly for the “All Users” group (JPS-10694)

Low

2021.1.13079

CVE-2021-31901

YouTrack

Stored XSS via attached file. Reported by Mikhail Klyuchnikov (JT-62530)

Medium

2020.6.6441

CVE-2021-27733

YouTrack

Pull request title was insufficiently sanitized (JT-62556)

Medium

2021.1.9819

CVE-2021-31903

YouTrack

Improper access control while exporting issues (JT-62649)

High

2020.6.6600

CVE-2021-31902

YouTrack

Information disclosure in issue preview. Reported by Philip Wedemann (JT-62919)

High

2020.6.8801

CVE-2021-31905

PyCharm

Code execution without user confirmation was possible for untrusted projects. Reported by Tony Torralba (PY-41524)

Medium

2020.3.4

CVE-2021-30005

Space

Insufficient CRLF sanitization in user input (SPACE-13955)

Low

Not applicable

Not applicable

TeamCity Cloud

Potential information disclosure via EC2 instance metadata (TCC-174, TCC-176)

Low

Not applicable

Not applicable

TeamCity Cloud

Temporary credentials disclosure via command injection. Reported by Chris Moore (TCC-196)

Major

Not applicable

Not applicable

TeamCity

Potential XSS on the test history page (TW-67710)

Medium

2020.2.2

CVE-2021-31904

TeamCity

TeamCity IntelliJ Plugin DOS. Reported by Jonathan Leitschuh (TW-69070)

Low

2020.2.2

CVE-2021-26310

TeamCity

Local information disclosure via a temporary file in the TeamCity IntelliJ Plugin. Reported by Jonathan Leitschuh (TW-69420)

Low

2020.2.2

CVE-2021-26309

YouTrack

Insufficient audit when an administrator uploads a file (TW-69511)

Low

2020.2.2

CVE-2021-31906

TeamCity

Improper permission checks for changing TeamCity plugins (TW-69521)

Low

2020.2.2

CVE-2021-31907

TeamCity

Potential XSS on the test page. Reported by Stephen Patches (TW-69737)

Low

2020.2.2

CVE-2021-3315

TeamCity

Argument injection leading to RCE (TW-70054)

High

2020.2.3

CVE-2021-31909

TeamCity

Stored XSS on several pages (TW-70078, TW-70348)

Medium

2020.2.3

CVE-2021-31908

TeamCity

Information disclosure via SSRF (TW-70079)

High

2020.2.3

CVE-2021-31910

TeamCity

Reflected XSS on several pages (TW-70093, TW-70094, TW-70095, TW-70096, TW-70137)

Medium

2020.2.3

CVE-2021-31911

TeamCity

Potential account takeover during password reset (TW-70303)

Medium

2020.2.3

CVE-2021-31912

TeamCity

Insufficient checks of the redirect\_uri during GitHub SSO token exchange (TW-70358)

Low

2020.2.3

CVE-2021-31913

TeamCity

Arbitrary code execution on TeamCity Server running on Windows. Reported by Chris Moore (TW-70512)

High

2020.2.4

CVE-2021-31914

TeamCity

Command injection leading to RCE. Reported by Chris Moore (TW-70541)

High

2020.2.4

CVE-2021-31915

Upsource

Application passwords were not revoked correctly. Reported by Thibaut Zonca (UP-10843)

High

2020.1.1883

CVE-2021-30482

WebStorm

HTTP requests were used instead of HTTPS (WEB-49549)

Low

2021.1

CVE-2021-31898

WebStorm

Code execution without user confirmation was possible for untrusted projects (WEB-49689, WEB-49902)

Low

2021.1

CVE-2021-31897

If you need any further assistance, please contact our Security Team.

Subscribe to receive the bulletin in your mailbox.

Your JetBrains Team_  
The Drive to Develop_

CVE-2021-30005: JetBrains Security Bulletin Q1 2021 | JetBrains News

Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7 to receive a patch or, as a workaround, unload tickets to render the exploit unusable.

**Impact**

_What kind of vulnerability is it? Who is impacted?_

An RCE exploit has been found in the Tickets module. This exploit allows discord users to craft a message that can reveal sensitive and harmful information

**Patches**

_Has the problem been patched? What versions should users upgrade to?_

Exploit patched with https://github.com/kennnyshiwa/kennnyshiwa-cogs/commit/5a84d60018468e5c0346f7ee74b2b4650a6dade7

**Workarounds**

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

Unload tickets to render the exploit unusable

**References**

_Are there any links users can visit to find out more?_

Commit https://github.com/kennnyshiwa/kennnyshiwa-cogs/commit/5a84d60018468e5c0346f7ee74b2b4650a6dade7

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue in \[https://github.com/kennnyshiwa/kennnyshiwa-cogs\]
*   Post your question in https://discordapp.com/channels/240154543684321280/240212783503900673 in the \[https://discord.gg/GET4DVk\](Cog Support Server)

CVE-2021-29493: Remote Code Execution in Tickets Module

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)

CVE-2021-24252

Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.

Tag

#rce