Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2019-05-06 CVE-2019-10249 Improper Encoding or Escaping of Output vulnerability in Eclipse Xtend and Xtext
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
network
high complexity
eclipse CWE-116
8.1
2019-04-22 CVE-2019-10248 Incorrect Resource Transfer Between Spheres vulnerability in Eclipse Vorto
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS.
network
high complexity
eclipse CWE-669
8.1
2019-04-22 CVE-2019-10247 Information Exposure vulnerability in multiple products
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path.
network
low complexity
eclipse netapp oracle debian CWE-200
5.3
2019-04-22 CVE-2019-10246 Information Exposure vulnerability in multiple products
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents.
network
low complexity
eclipse netapp oracle CWE-200
5.3
2019-04-22 CVE-2019-10241 Cross-site Scripting vulnerability in multiple products
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
network
low complexity
eclipse debian apache oracle CWE-79
6.1
2019-04-19 CVE-2019-10245 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of the bytecode array, causing crashes.
network
low complexity
eclipse redhat CWE-119
7.5
2019-04-09 CVE-2019-10244 XXE vulnerability in Eclipse Kura
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be the target of an XXE attack due to improper factory and parser initialisation.
network
low complexity
eclipse CWE-611
7.5
2019-04-09 CVE-2019-10243 Information Exposure vulnerability in Eclipse Kura
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying UI web server version in its replies.
network
low complexity
eclipse CWE-200
5.3
2019-04-09 CVE-2019-10242 Path Traversal vulnerability in Eclipse Kura
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during the servlet call, potentially allowing path traversal in GET requests for a limited number of file types.
network
low complexity
eclipse CWE-22
5.3
2019-04-03 CVE-2019-10240 Cleartext Transmission of Sensitive Information vulnerability in Eclipse Hawkbit
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS.
network
high complexity
eclipse CWE-319
8.1