RSS   Vulnerabilities for 'Intellij idea'   RSS

2021-05-11
 
CVE-2021-29263

NVD-CWE-noinfo
 

 
In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS.

 
 
CVE-2021-30006

CWE-611
 

 
In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure.

 
 
CVE-2021-30504

CWE-400
 

 
In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation.

 
2021-02-03
 
CVE-2021-25758

CWE-502
 

 
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to code execution.

 
 
CVE-2021-25756

NVD-CWE-noinfo
 

 
In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.

 
2020-11-16
 
CVE-2020-27622

NVD-CWE-noinfo
 

 
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.

 
2020-04-22
 
CVE-2020-11690

NVD-CWE-Other
 

 
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.

 
2020-01-31
 
CVE-2020-7914

CWE-200
 

 
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.

 
2020-01-30
 
CVE-2020-7905

CWE-200
 

 
Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.

 
 
CVE-2020-7904

CWE-295
 

 
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.

 


Copyright 2021, cxsecurity.com

 

Back to Top