Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2022-07-08 CVE-2021-41037 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Eclipse Equinox P2
In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation.
network
eclipse CWE-829
6.8
2022-07-07 CVE-2021-41042 XXE vulnerability in Eclipse Lyo
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML.
network
low complexity
eclipse CWE-611
5.0
2022-07-07 CVE-2022-2047 Improper Input Validation vulnerability in Eclipse Jetty
In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname.
network
low complexity
eclipse CWE-20
4.0
2022-07-07 CVE-2022-2048 Resource Exhaustion vulnerability in Eclipse Jetty
In the Eclipse Jetty HTTP/2 server implementation, when an invalid HTTP/2 request is encountered, a bug in the error handling can result in the active connections and associated resources not being properly cleaned up.
network
low complexity
eclipse CWE-400
5.0
2022-07-07 CVE-2022-2191 Improper Resource Shutdown or Release vulnerability in Eclipse Jetty
In Eclipse Jetty versions 10.0.0 through 10.0.9 and 11.0.0 through 11.0.9, SslConnection does not release ByteBuffers from the configured ByteBufferPool on error code paths.
network
low complexity
eclipse CWE-404
5.0
2022-05-05 CVE-2021-38441 Write-what-where Condition vulnerability in Eclipse CycloneDDS
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.
network
low complexity
eclipse CWE-123
7.5
2022-05-05 CVE-2021-38443 Improper Handling of Syntactically Invalid Structure vulnerability in Eclipse CycloneDDS
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
network
low complexity
eclipse CWE-228
7.5
2022-04-27 CVE-2021-41041 Unchecked Return Value vulnerability in multiple products
In Eclipse OpenJ9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.
network
low complexity
eclipse oracle CWE-252
5.0
2022-02-18 CVE-2022-0672 Information Exposure vulnerability in Eclipse LemMinX
A flaw was found in LemMinX in versions prior to 0.19.0.
local
low complexity
eclipse CWE-200
2.1
2022-02-18 CVE-2022-0673 Path Traversal vulnerability in Eclipse LemMinX
A flaw was found in LemMinX in versions prior to 0.19.0.
network
low complexity
eclipse CWE-22
6.4