Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2022-07-07 CVE-2022-2047 Improper Input Validation vulnerability in multiple products
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname.
network
low complexity
eclipse debian netapp CWE-20
2.7
2022-07-07 CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources.
network
low complexity
eclipse debian netapp jenkins
7.5
2022-07-07 CVE-2022-2191 Improper Resource Shutdown or Release vulnerability in Eclipse Jetty
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
network
low complexity
eclipse CWE-404
5.0
2022-05-05 CVE-2021-38441 Write-what-where Condition vulnerability in Eclipse Cyclonedds
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.
network
low complexity
eclipse CWE-123
7.5
2022-05-05 CVE-2021-38443 Improper Handling of Syntactically Invalid Structure vulnerability in Eclipse Cyclonedds
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
network
low complexity
eclipse CWE-228
7.5
2022-04-27 CVE-2021-41041 Unchecked Return Value vulnerability in multiple products
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.
network
low complexity
eclipse oracle CWE-252
5.0
2022-02-18 CVE-2022-0672 Information Exposure vulnerability in Eclipse Lemminx
A flaw was found in LemMinX in versions prior to 0.19.0.
local
low complexity
eclipse CWE-200
2.1
2022-02-18 CVE-2022-0673 Path Traversal vulnerability in Eclipse Lemminx
A flaw was found in LemMinX in versions prior to 0.19.0.
network
low complexity
eclipse CWE-22
6.4
2022-02-01 CVE-2021-41040 Out-of-bounds Read vulnerability in Eclipse Wakaama 1.0
In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data.
network
low complexity
eclipse CWE-125
5.0
2021-12-01 CVE-2021-41039 Unspecified vulnerability in Eclipse Mosquitto
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
network
low complexity
eclipse
7.5