Vulnerabilities > Eclipse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-09 | CVE-2023-24815 | Path Traversal vulnerability in Eclipse Vert.X-Web Vert.x-Web is a set of building blocks for building web applications in the java programming language. | 5.3 |
| 2023-01-27 | CVE-2022-2712 | Path Traversal vulnerability in Eclipse Glassfish 5.1.0/6.0.0/6.2.5 In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. | 7.5 |
| 2022-11-10 | CVE-2022-36022 | Use of Insufficiently Random Values vulnerability in Eclipse Deeplearning4J Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. | 5.3 |
| 2022-11-10 | CVE-2022-39368 | Incomplete Cleanup vulnerability in Eclipse Californium Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. | 8.2 |
| 2022-10-24 | CVE-2022-3676 | Type Confusion vulnerability in Eclipse Openj9 In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. | 6.5 |
| 2022-08-16 | CVE-2022-2838 | XXE vulnerability in Eclipse Sphinx In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests. | 5.3 |
| 2022-07-08 | CVE-2021-41037 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Eclipse Equinox P2 In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. | 8.0 |
| 2022-07-07 | CVE-2021-41042 | XXE vulnerability in Eclipse LYO 1.0.0/4.1.0 In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. | 5.3 |
| 2022-07-07 | CVE-2022-2047 | Improper Input Validation vulnerability in multiple products In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. | 2.7 |
| 2022-07-07 | CVE-2022-2048 | In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. | 7.5 |