Chris Moore

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2020.2.3 Description: The issue is related to insufficient checks of the `redirect uri` during GitHub SSO token exchange. This could potentially lead to security issues, but specific details about the estimated number of affected devices or real-world incidents are not provided. Recommendations: For versions prior to 2020.2.3, update to version 2020.2.3 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2020.2.4 Description: The issue allows for arbitrary code execution on the TeamCity Server. This can be exploited in JetBrains TeamCity before version 2020.2.4 on Windows. Recommendations: For versions prior to 2020.2.4, update to version 2020.2.4 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2020.2.4 Description: The issue allows for OS command injection, which can lead to remote code execution. This means an attacker could potentially execute system-level commands on a vulnerable system, posing a significant security risk. Recommendations: For versions prior to 2020.2.4, update to version 2020.2.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** flex versions prior to 2.5.33 **Description** The issue is related to the allocation of memory for grammars containing REJECT statements or trailing context rules. This causes the generation of code that contains a buffer overflow, which might allow context-dependent attackers to execute arbitrary code. **Recommendations** For versions prior to 2.5.33, update to version 2.5.33 or later to resolve the issue.