Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2023-11-09 CVE-2023-4218 XXE vulnerability in Eclipse IDE
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks.
local
low complexity
eclipse CWE-611
5.0
2023-11-03 CVE-2023-4043 Excessive Iteration vulnerability in Eclipse Parsson
In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.
network
low complexity
eclipse CWE-834
7.5
2023-11-03 CVE-2023-5763 Improper Control of Dynamically-Managed Code Resources vulnerability in Eclipse Glassfish 5.1.0/6.0.0/6.2.5
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
network
low complexity
eclipse CWE-913
critical
9.8
2023-10-18 CVE-2023-5632 Excessive Iteration vulnerability in Eclipse Mosquitto
In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption.
network
low complexity
eclipse CWE-834
7.5
2023-10-10 CVE-2023-36478 Eclipse Jetty provides a web server and servlet container.
network
low complexity
eclipse jenkins debian
7.5
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-10-02 CVE-2023-3592 Memory Leak vulnerability in Eclipse Mosquitto
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
network
low complexity
eclipse CWE-401
7.5
2023-10-02 CVE-2023-0809 Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Mosquitto
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
network
low complexity
eclipse CWE-770
5.3
2023-09-21 CVE-2023-4760 Path Traversal vulnerability in Eclipse Remote Application Platform
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method.
network
low complexity
eclipse CWE-22
critical
9.8
2023-09-15 CVE-2023-41900 Improper Authentication vulnerability in multiple products
Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian CWE-287
4.3