Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2021-01-14 CVE-2020-27220 Missing Authorization vulnerability in Eclipse Hono
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device.
network
low complexity
eclipse CWE-862
critical
9.0
2021-01-14 CVE-2020-27219 Cross-Site Scripting vulnerability in Eclipse Hawkbit
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute.
network
eclipse CWE-79
4.3
2020-12-14 CVE-2020-14368 Cross-Site Request Forgery (CSRF) vulnerability in Eclipse CHE
A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces.
network
high complexity
eclipse CWE-352
4.6
2020-11-28 CVE-2020-27218 Unspecified vulnerability in Eclipse Jetty
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body.
network
eclipse
5.8
2020-11-13 CVE-2020-27217 Unspecified vulnerability in Eclipse Hono 1.3.0/1.4.0
In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices.
network
low complexity
eclipse
5.0
2020-10-23 CVE-2020-27216 In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system.
local
eclipse netapp
4.4
2020-10-15 CVE-2019-17640 Path Traversal vulnerability in Eclipse Vert.X
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory.
network
low complexity
eclipse CWE-22
7.5
2020-07-15 CVE-2019-17639 Type Confusion vulnerability in Eclipse Openj9
In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value.
network
low complexity
eclipse CWE-843
5.0
2020-07-15 CVE-2019-17637 XXE vulnerability in Eclipse web Tools Platform 3.16/3.17/3.18
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.
5.8
2020-07-09 CVE-2019-17638 Operation ON A Resource After Expiration OR Release vulnerability in Eclipse Jetty 9.4.27/9.4.28/9.4.29
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error.
network
low complexity
eclipse CWE-672
7.5