Vulnerabilities > Eclipse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-21 | CVE-2023-4760 | Path Traversal vulnerability in Eclipse Remote Application Platform In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. | 9.8 |
| 2023-09-15 | CVE-2023-41900 | Improper Authentication vulnerability in multiple products Jetty is a Java based web server and servlet engine. | 4.3 |
| 2023-09-15 | CVE-2023-40167 | Improper Handling of Length Parameter Inconsistency vulnerability in multiple products Jetty is a Java based web server and servlet engine. | 5.3 |
| 2023-09-15 | CVE-2023-36479 | Improper Neutralization of Quoting Syntax vulnerability in multiple products Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. | 4.3 |
| 2023-09-12 | CVE-2023-4759 | Improper Handling of Case Sensitivity vulnerability in Eclipse Jgit Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). | 8.8 |
| 2023-09-01 | CVE-2023-28366 | Memory Leak vulnerability in Eclipse Mosquitto The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. | 7.5 |
| 2023-08-31 | CVE-2023-41034 | XXE vulnerability in Eclipse Leshan Eclipse Leshan is a device management server and client Java implementation. | 9.8 |
| 2023-05-22 | CVE-2023-2597 | Out-of-bounds Read vulnerability in Eclipse Openj9 In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. | 9.1 |
| 2023-05-12 | CVE-2023-32081 | Improper Authentication vulnerability in Eclipse Vert.X Stomp Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. | 6.5 |
| 2023-04-18 | CVE-2023-26048 | Resource Exhaustion vulnerability in Eclipse Jetty Jetty is a java based web server and servlet engine. | 5.3 |