Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2024-09-30 CVE-2024-9329 Open Redirect vulnerability in Eclipse Glassfish
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'.
network
low complexity
eclipse CWE-601
6.1
2024-09-11 CVE-2024-8642 Improper Authentication vulnerability in Eclipse Dataspace Components
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration.
network
low complexity
eclipse CWE-287
8.1
2024-09-11 CVE-2024-8646 Open Redirect vulnerability in Eclipse Glassfish
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').
network
low complexity
eclipse CWE-601
6.1
2024-09-04 CVE-2024-8391 Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Vert.X
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).  This is fixed in the 4.5.10 version.  Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)
network
low complexity
eclipse CWE-770
7.5
2023-12-11 CVE-2023-6194 XXE vulnerability in Eclipse Memory Analyzer
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.
local
low complexity
eclipse CWE-611
7.1
2023-11-15 CVE-2023-5676 Race Condition vulnerability in Eclipse Openj9
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.
network
high complexity
eclipse CWE-362
5.9
2023-11-09 CVE-2023-4218 XXE vulnerability in Eclipse IDE
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks.
local
low complexity
eclipse CWE-611
5.0
2023-11-03 CVE-2023-4043 Excessive Iteration vulnerability in Eclipse Parsson
In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.
network
low complexity
eclipse CWE-834
7.5
2023-11-03 CVE-2023-5763 Improper Control of Dynamically-Managed Code Resources vulnerability in Eclipse Glassfish 5.1.0/6.0.0/6.2.5
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
network
low complexity
eclipse CWE-913
critical
9.8
2023-10-18 CVE-2023-5632 Excessive Iteration vulnerability in Eclipse Mosquitto
In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption.
network
low complexity
eclipse CWE-834
7.5