Filtered by vendor Jetbrains
Subscriptions
Filtered by product Intellij Idea
Subscriptions
Total
50 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-30504 | 1 Jetbrains | 1 Intellij Idea | 2021-05-14 | 7.5 High |
In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation. | ||||
CVE-2021-25756 | 1 Jetbrains | 1 Intellij Idea | 2021-02-05 | 5.3 Medium |
In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS. | ||||
CVE-2020-27622 | 1 Jetbrains | 1 Intellij Idea | 2020-11-23 | 5.3 Medium |
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. | ||||
CVE-2019-9873 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | N/A |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | ||||
CVE-2019-9872 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | N/A |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | ||||
CVE-2019-9823 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | N/A |
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. | ||||
CVE-2019-18361 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 5.3 Medium |
JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. | ||||
CVE-2019-10104 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | N/A |
In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | ||||
CVE-2020-11690 | 1 Jetbrains | 1 Intellij Idea | 2020-04-29 | 9.8 Critical |
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. | ||||
CVE-2020-7904 | 1 Jetbrains | 1 Intellij Idea | 2020-02-01 | 7.4 High |
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. |