Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2020-10-15 CVE-2019-17640 Path Traversal vulnerability in Eclipse Vert.x
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly process backslashes on Windows operating systems, allowing an escape from the webroot folder to the current working directory.
network
low complexity
eclipse CWE-22
critical
9.8
2020-07-15 CVE-2019-17639 Type Confusion vulnerability in Eclipse OpenJ9
In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value.
network
low complexity
eclipse CWE-843
5.0
2020-07-15 CVE-2019-17637 XXE vulnerability in multiple products
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.
local
low complexity
eclipse debian CWE-611
7.1
2020-07-09 CVE-2019-17638 Operation on a Resource after Expiration or Release vulnerability in Eclipse Jetty 9.4.27/9.4.28/9.4.29
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error.
network
low complexity
eclipse CWE-672
critical
9.4
2020-04-03 CVE-2020-10689 Unspecified vulnerability in Eclipse Che
A flaw was found in Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods.
low complexity
eclipse
6.8
2020-03-10 CVE-2019-17636 Insufficient Verification of Data Authenticity vulnerability in Eclipse Theia
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com.
network
eclipse CWE-345
5.8
2020-02-12 CVE-2014-9390 Improper Input Validation vulnerability in multiple products
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
network
low complexity
git-scm mercurial apple eclipse libgit2 CWE-20
7.5
2020-01-17 CVE-2019-17635 Deserialization of Untrusted Data vulnerability in Eclipse Memory Analyzer 1.9.1
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer.
network
eclipse CWE-502
6.8
2020-01-17 CVE-2019-17634 Cross-site Scripting vulnerability in Eclipse Memory Analyzer 1.9.1
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross-site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump.
network
eclipse CWE-79
8.5
2019-12-19 CVE-2019-17633 Cross-Site Request Forgery (CSRF) vulnerability in Eclipse Che
For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace.
network
eclipse CWE-352
6.8