Vulnerabilities > Eclipse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-07 | CVE-2021-41042 | XXE vulnerability in Eclipse LYO 1.0.0/4.1.0 In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. | 5.3 |
| 2022-07-07 | CVE-2022-2047 | Improper Input Validation vulnerability in multiple products In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. | 2.7 |
| 2022-07-07 | CVE-2022-2048 | In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. | 7.5 |
| 2022-07-07 | CVE-2022-2191 | Improper Resource Shutdown or Release vulnerability in Eclipse Jetty In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. | 7.5 |
| 2022-05-05 | CVE-2021-38441 | Unspecified vulnerability in Eclipse Cyclonedds Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. | 9.8 |
| 2022-05-05 | CVE-2021-38443 | Unspecified vulnerability in Eclipse Cyclonedds Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser. | 9.8 |
| 2022-04-27 | CVE-2021-41041 | Unchecked Return Value vulnerability in multiple products In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | 5.3 |
| 2022-02-18 | CVE-2022-0672 | Information Exposure vulnerability in Eclipse Lemminx A flaw was found in LemMinX in versions prior to 0.19.0. | 5.5 |
| 2022-02-18 | CVE-2022-0673 | Path Traversal vulnerability in Eclipse Lemminx A flaw was found in LemMinX in versions prior to 0.19.0. | 6.5 |
| 2022-02-01 | CVE-2021-41040 | Out-of-bounds Read vulnerability in Eclipse Wakaama 1.0 In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data. | 7.5 |