Vulnerabilities > Eclipse > Memory Analyzer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-11 | CVE-2023-6194 | XXE vulnerability in Eclipse Memory Analyzer In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition. | 7.1 |
| 2020-01-17 | CVE-2019-17635 | Deserialization of Untrusted Data vulnerability in Eclipse Memory Analyzer 1.9.1 Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. | 6.8 |
| 2020-01-17 | CVE-2019-17634 | Cross-site Scripting vulnerability in Eclipse Memory Analyzer 1.9.1 Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. | 8.5 |