Vulnerabilities > Eclipse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-07 | CVE-2022-2191 | Improper Resource Shutdown or Release vulnerability in Eclipse Jetty In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. | 5.0 |
| 2022-05-05 | CVE-2021-38441 | Write-what-where Condition vulnerability in Eclipse Cyclonedds Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. | 7.5 |
| 2022-05-05 | CVE-2021-38443 | Improper Handling of Syntactically Invalid Structure vulnerability in Eclipse Cyclonedds Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser. | 7.5 |
| 2022-04-27 | CVE-2021-41041 | Unchecked Return Value vulnerability in multiple products In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | 5.0 |
| 2022-02-18 | CVE-2022-0672 | Information Exposure vulnerability in Eclipse Lemminx A flaw was found in LemMinX in versions prior to 0.19.0. | 2.1 |
| 2022-02-18 | CVE-2022-0673 | Path Traversal vulnerability in Eclipse Lemminx A flaw was found in LemMinX in versions prior to 0.19.0. | 6.4 |
| 2022-02-01 | CVE-2021-41040 | Out-of-bounds Read vulnerability in Eclipse Wakaama 1.0 In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data. | 5.0 |
| 2021-12-01 | CVE-2021-41039 | Unspecified vulnerability in Eclipse Mosquitto In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. | 7.5 |
| 2021-11-10 | CVE-2021-41038 | Unspecified vulnerability in Eclipse Theia In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage(). network eclipse | 4.3 |
| 2021-11-03 | CVE-2021-41036 | Out-of-bounds Write vulnerability in Eclipse Paho Mqtt C/C++ Client In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket. | 7.5 |