Vulnerabilities > Eclipse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-15 | CVE-2023-40167 | Improper Handling of Length Parameter Inconsistency vulnerability in multiple products: Jetty is a Java-based web server and servlet engine. | 5.3 |
2023-09-15 | CVE-2023-36479 | Improper Neutralization of Quoting Syntax vulnerability in multiple products: Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. | 4.3 |
2023-09-12 | CVE-2023-4759 | Improper Handling of Case Sensitivity vulnerability in Eclipse JGit: Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). | 8.8 |
2023-09-01 | CVE-2023-28366 | Memory Leak vulnerability in Eclipse Mosquitto: The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. | 7.5 |
2023-08-31 | CVE-2023-41034 | XXE vulnerability in Eclipse Leshan: Eclipse Leshan is a device management server and client Java implementation. | 9.8 |
2023-05-22 | CVE-2023-2597 | Out-of-bounds Read vulnerability in Eclipse OpenJ9: In Eclipse OpenJ9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds), the size of a string is not properly checked against the size of the buffer. | 9.1 |
2023-05-12 | CVE-2023-32081 | Improper Authentication vulnerability in Eclipse Vert.x STOMP: Vert.x STOMP is a Vert.x implementation of the STOMP specification that provides a STOMP server and client. | 6.5 |
2023-04-18 | CVE-2023-26048 | Resource Exhaustion vulnerability in Eclipse Jetty: Jetty is a Java-based web server and servlet engine. | 5.3 |
2023-04-18 | CVE-2023-26049 | Information Exposure vulnerability in multiple products: Jetty is a Java-based web server and servlet engine. | 5.3 |
2023-03-15 | CVE-2023-0100 | Unspecified vulnerability in Eclipse Business Intelligence and Reporting Tools: In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed retrieving a report from the same host using an absolute HTTP path for the report parameter (e.g. | 8.8 |