Vulnerabilities > Eclipse

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-04-18 | CVE-2023-26049 | Information Exposure vulnerability in multiple products | Jetty is a Java-based web server and servlet engine. | network | low complexity | eclipse debian netapp | CWE-200 | 5.3 |
| 2023-03-15 | CVE-2023-0100 | Unspecified vulnerability in Eclipse Business Intelligence and Reporting Tools | In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed retrieving a report from the same host using an absolute HTTP path for the report parameter (e.g. | network | low complexity | eclipse | | 8.8 |
| 2023-02-09 | CVE-2023-24815 | Path Traversal vulnerability in Eclipse Vert.X-Web | Vert.x-Web is a set of building blocks for building web applications in the Java programming language. | network | low complexity | eclipse | CWE-22 | 5.3 |
| 2023-01-27 | CVE-2022-2712 | Path Traversal vulnerability in Eclipse Glassfish 5.1.0/6.0.0/6.2.5 | In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because request paths starting with './' are not filtered. | network | low complexity | eclipse | CWE-22 | 7.5 |
| 2022-11-10 | CVE-2022-36022 | Use of Insufficiently Random Values vulnerability in Eclipse Deeplearning4J | Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. | network | low complexity | eclipse | CWE-330 | 5.3 |
| 2022-11-10 | CVE-2022-39368 | Incomplete Cleanup vulnerability in Eclipse Californium | Eclipse Californium is a Java implementation of RFC 7252 (Constrained Application Protocol) for IoT cloud services. | network | low complexity | eclipse | CWE-459 | 8.2 |
| 2022-10-24 | CVE-2022-3676 | Type Confusion vulnerability in Eclipse OpenJ9 | In Eclipse OpenJ9 before version 0.35.0, interface calls can be inlined without a runtime type check. | network | low complexity | eclipse | CWE-843 | 6.5 |
| 2022-08-16 | CVE-2022-2838 | XXE vulnerability in Eclipse Sphinx | In Eclipse Sphinx™ before version 0.13.1, the Apache Xerces XML parser was used without disabling the processing of referenced external entities, allowing the injection of arbitrary definitions that can access local files and expose their contents via HTTP requests. | network | low complexity | eclipse | CWE-611 | 5.3 |
| 2022-07-08 | CVE-2021-41037 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Eclipse Equinox P2 | In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. | network | | eclipse | CWE-829 | 6.8 |
| 2022-07-07 | CVE-2021-41042 | XXE vulnerability in Eclipse LYO 1.0.0/4.1.0 | In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with defaults that do not restrict DTD loading when working with RDF/XML. | network | low complexity | eclipse | CWE-611 | 5.3 |