Vulnerabilities > Eclipse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-15 | CVE-2019-17639 | Type Confusion vulnerability in Eclipse OpenJ9. In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. | 5.3 |
2020-07-15 | CVE-2019-17637 | XXE vulnerability in multiple products. In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. | 7.1 |
2020-07-09 | CVE-2019-17638 | Operation on a Resource after Expiration or Release vulnerability in Eclipse Jetty 9.4.27/9.4.28/9.4.29. In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. | 9.4 |
2020-04-03 | CVE-2020-10689 | Unspecified vulnerability in Eclipse Che. A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. | 6.8 |
2020-03-10 | CVE-2019-17636 | Insufficient Verification of Data Authenticity vulnerability in Eclipse Theia. In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. | 8.1 |
2020-02-12 | CVE-2014-9390 | Improper Input Validation vulnerability in multiple products. Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. | 9.8 |
2020-01-17 | CVE-2019-17635 | Deserialization of Untrusted Data vulnerability in Eclipse Memory Analyzer. Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. | 7.8 |
2020-01-17 | CVE-2019-17634 | Cross-site Scripting vulnerability in Eclipse Memory Analyzer. Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross-site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. | 9.0 |
2019-12-19 | CVE-2019-17633 | Cross-Site Request Forgery (CSRF) vulnerability in Eclipse Che. For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. | 8.8 |
2019-11-25 | CVE-2019-17632 | Cross-site Scripting vulnerability in Eclipse Jetty 9.4.21/9.4.22/9.4.23. In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output. | 6.1 |