Vulnerabilities > Eclipse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-25 | CVE-2019-17632 | Cross-site Scripting vulnerability in Eclipse Jetty 9.4.21/9.4.22/9.4.23 In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output. | 6.1 |
| 2019-11-06 | CVE-2009-5046 | Cross-site Scripting vulnerability in multiple products JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. | 4.3 |
| 2019-11-06 | CVE-2009-5045 | Information Exposure vulnerability in multiple products Dump Servlet information leak in jetty before 6.1.22. | 5.0 |
| 2019-10-23 | CVE-2019-18213 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). | 6.5 |
| 2019-10-23 | CVE-2019-18212 | Path Traversal vulnerability in multiple products XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal. | 4.0 |
| 2019-10-17 | CVE-2019-17631 | Improper Privilege Management vulnerability in multiple products From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. | 6.4 |
| 2019-10-02 | CVE-2019-17091 | Cross-site Scripting vulnerability in multiple products faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled. | 4.3 |
| 2019-09-19 | CVE-2019-11779 | Uncontrolled Recursion vulnerability in multiple products In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. | 6.5 |
| 2019-09-18 | CVE-2019-11778 | Use After Free vulnerability in Eclipse Mosquitto If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations. | 5.5 |
| 2019-09-12 | CVE-2019-11774 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Eclipse OMR Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. | 7.4 |