Vulnerabilities > Eclipse

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-07-15 | CVE-2021-34429 | Information Exposure vulnerability in Eclipse Jetty | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. | network | low | eclipse | CWE-200 | 5.0 |
| 2021-07-08 | CVE-2021-34430 | Inadequate Encryption Strength vulnerability in Eclipse TinyDTLS 0.8.1/0.8.2/0.9 | Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. | network | low | eclipse | CWE-326 | 5.0 |
| 2021-06-25 | CVE-2021-34427 | Improper Input Validation vulnerability in Eclipse Business Intelligence and Reporting Tools | In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file that is remotely accessible (in the current BIRT viewer directory) and so inject JSP code into the running instance. | network | low | eclipse | CWE-20 | 7.5 |
| 2021-06-22 | CVE-2021-34428 | Insufficient Session Expiration vulnerability in Eclipse Jetty | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. | local | low | eclipse | CWE-613 | 3.6 |
| 2021-06-09 | CVE-2021-28169 | Information Exposure vulnerability in multiple products | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. | network | low | eclipse, debian | CWE-200 | 5.0 |
| 2021-06-02 | CVE-2020-6950 | Path Traversal vulnerability in Eclipse Mojarra | Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. | network | low | eclipse | CWE-22 | 5.0 |
| 2021-05-26 | CVE-2021-28170 | Improper Input Validation vulnerability in Eclipse Jakarta Expression Language Implementation | In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | network | low | eclipse | CWE-20 | 5.0 |
| 2021-04-22 | CVE-2021-28168 | Incorrect Permission Assignment for Critical Resource vulnerability in Eclipse Jersey | Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contain a local information disclosure vulnerability. | local | low | eclipse | CWE-732 | 2.1 |
| 2021-04-21 | CVE-2021-28167 | Missing Initialization of Resource vulnerability in Eclipse OpenJ9 | In Eclipse OpenJ9 up to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. | network | low | eclipse | CWE-909 | 6.4 |
| 2021-04-07 | CVE-2021-28166 | Null Pointer Dereference vulnerability in Eclipse Mosquitto | In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur. | network | low | eclipse | CWE-476 | 4.0 |