Eclipse vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK (attack vector, attack complexity, vendor, CWE, severity, CVSS score)
2018-12-13 | CVE-2018-20145 | Incorrect Permission Assignment for Critical Resource vulnerability in Eclipse Mosquitto
  Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the ACL file was being ignored.
  Attack vector: network | Attack complexity: low | Vendor: eclipse | CWE-732 | CVSS score: 7.5
2018-11-15 | CVE-2018-12543 | Improper Input Validation vulnerability in Eclipse Mosquitto 1.5.1/1.5.2
  In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g.
  Attack vector: network | Attack complexity: low | Vendor: eclipse | CWE-20 | CVSS score: 7.5
2018-10-10 | CVE-2018-12544 | XXE vulnerability in Eclipse Vert.X
  In versions 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defenses against XML attacks.
  Attack vector: network | Attack complexity: low | Vendor: eclipse | CWE-611 | Severity: critical | CVSS score: 9.8
2018-10-10 | CVE-2018-12542 | Path Traversal vulnerability in Eclipse Vert.X
  In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (backslash) sequences that can resolve to a location outside of that directory when running on Windows operating systems.
  Attack vector: network | Attack complexity: low | Vendor: eclipse | CWE-22 | Severity: critical | CVSS score: 9.8
2018-10-10 | CVE-2018-12541 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Eclipse Vert.X
  In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory.
  Attack vector: network | Attack complexity: low | Vendor: eclipse | CWE-119 | CVSS score: 6.5
2018-08-20 | CVE-2018-1000644 | XXE vulnerability in Eclipse Rdf4J
  Eclipse RDF4J versions before 2.4.0 Milestone 2 contain an XML External Entity (XXE) vulnerability in the RDF4J XML parser used when parsing RDF files, which can result in the disclosure of confidential data, denial of service, server-side request forgery, and port scanning.
  Attack vector: network | Attack complexity: low | Vendor: eclipse | CWE-611 | Severity: critical | CVSS score: 10.0
2018-08-14 | CVE-2018-12539 | Deserialization of Untrusted Data vulnerability in multiple products
  In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use the Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which include the ability to execute untrusted native code.
  Attack vector: local | Attack complexity: low | Vendors: eclipse, oracle | CWE-502 | CVSS score: 7.8
2018-08-14 | CVE-2018-12537 | Improper Input Validation vulnerability in Eclipse Vert.X
  In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value.
  Attack vector: network | Attack complexity: low | Vendor: eclipse | CWE-20 | CVSS score: 5.3
2018-07-18 | CVE-2018-14371 | Path Traversal vulnerability in Eclipse Mojarra
  The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by directory traversal via the loc parameter.
  Attack vector: network | Attack complexity: low | Vendor: eclipse | CWE-22 | CVSS score: 7.5
2018-07-12 | CVE-2018-12540 | Cross-Site Request Forgery (CSRF) vulnerability in Eclipse Vert.X
  In versions 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF cookie matches the returned XSRF header/form parameter.
  Attack vector: network | Attack complexity: low | Vendor: eclipse | CWE-352 | CVSS score: 8.8