Vulnerabilities > Eclipse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-11 | CVE-2024-10917 | Integer Overflow or Wraparound vulnerability in Eclipse OpenJ9. In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. | 5.3 |
2024-10-14 | CVE-2024-6762 | Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Jetty. Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. | 6.5 |
2024-10-14 | CVE-2024-6763 | Unspecified vulnerability in Eclipse Jetty. Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. | 5.3 |
2024-10-14 | CVE-2024-8184 | Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Jetty. There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. | 6.5 |
2024-10-11 | CVE-2024-8376 | Improper Handling of Exceptional Conditions vulnerability in Eclipse Mosquitto. In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. | 7.5 |
2024-09-30 | CVE-2024-9329 | Open Redirect vulnerability in Eclipse GlassFish. In Eclipse GlassFish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. | 6.1 |
2024-09-27 | CVE-2024-9202 | Missing Authorization vulnerability in Eclipse Dataspace Components. In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, it is also possible to request a single dataset, which should be subject to the same filtering process but currently is missing the correct filtering. This enables parties to potentially see datasets they should not have access to, thereby exposing sensitive information. | 5.3 |
2024-09-11 | CVE-2024-8642 | Improper Authentication vulnerability in Eclipse Dataspace Components. In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. | 8.1 |
2024-09-11 | CVE-2024-8646 | Open Redirect vulnerability in Eclipse GlassFish. In Eclipse GlassFish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/'). | 6.1 |
2024-09-04 | CVE-2024-8391 | Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Vert.x. In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based on grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc). | 7.5 |