Search
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51655 | 1 Jetbrains | 1 Intellij Idea | 2023-12-29 | N/A | 9.8 CRITICAL |
| In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration | |||||
| CVE-2023-39261 | 1 Jetbrains | 1 Intellij Idea | 2023-08-02 | N/A | 7.8 HIGH |
| In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions | |||||
| CVE-2022-29813 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible | |||||
| CVE-2022-29812 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 2.1 LOW | 2.3 LOW |
| In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient | |||||
| CVE-2022-29816 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 2.1 LOW | 3.3 LOW |
| In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible | |||||
| CVE-2022-29815 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible | |||||
| CVE-2022-29814 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.4 MEDIUM | 7.7 HIGH |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible | |||||
| CVE-2022-29817 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible | |||||
| CVE-2022-29819 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.4 MEDIUM | 7.7 HIGH |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible | |||||
| CVE-2022-29818 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 3.6 LOW | 7.1 HIGH |
| In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed | |||||
| CVE-2021-25758 | 1 Jetbrains | 1 Intellij Idea | 2021-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution. | |||||
| CVE-2019-14954 | 1 Jetbrains | 1 Intellij Idea | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection. | |||||
| CVE-2019-9186 | 1 Jetbrains | 1 Intellij Idea | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | |||||
| CVE-2020-7905 | 1 Jetbrains | 1 Intellij Idea | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. | |||||
| CVE-2020-7914 | 1 Jetbrains | 1 Intellij Idea | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3. | |||||
| CVE-2021-29263 | 1 Jetbrains | 1 Intellij Idea | 2021-05-17 | 4.6 MEDIUM | 7.8 HIGH |
| In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS. | |||||
| CVE-2021-30006 | 1 Jetbrains | 1 Intellij Idea | 2021-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure. | |||||
| CVE-2021-30504 | 1 Jetbrains | 1 Intellij Idea | 2021-05-14 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation. | |||||
| CVE-2021-25756 | 1 Jetbrains | 1 Intellij Idea | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS. | |||||
| CVE-2020-27622 | 1 Jetbrains | 1 Intellij Idea | 2020-11-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. | |||||
| CVE-2019-10104 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | |||||
| CVE-2019-9872 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 4.3 MEDIUM | 8.1 HIGH |
| In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | |||||
| CVE-2019-9823 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. | |||||
| CVE-2019-18361 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 4.6 MEDIUM | 5.3 MEDIUM |
| JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. | |||||
| CVE-2019-9873 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | |||||
| CVE-2020-11690 | 1 Jetbrains | 1 Intellij Idea | 2020-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. | |||||
| CVE-2020-7904 | 1 Jetbrains | 1 Intellij Idea | 2020-02-01 | 5.8 MEDIUM | 7.4 HIGH |
| In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. | |||||
| CVE-2017-8316 | 1 Jetbrains | 1 Intellij Idea | 2018-10-23 | 7.8 HIGH | 7.5 HIGH |
| IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | |||||