Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2021-04-22 CVE-2021-28168 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contain a local information disclosure vulnerability.
local
low complexity
eclipse oracle CWE-668
5.5
2021-04-21 CVE-2021-28167 Missing Initialization of Resource vulnerability in Eclipse OpenJ9
In Eclipse OpenJ9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries.
network
low complexity
eclipse CWE-909
6.5
2021-04-07 CVE-2021-28166 NULL Pointer Dereference vulnerability in Eclipse Mosquitto
In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.
network
low complexity
eclipse CWE-476
4.0
2021-04-01 CVE-2021-28165 Improper Handling of Exceptional Conditions vulnerability in multiple products
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
network
low complexity
eclipse oracle jenkins netapp CWE-755
7.5
2021-04-01 CVE-2021-28164 In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory.
network
low complexity
eclipse netapp oracle
5.3
2021-04-01 CVE-2021-28163 Link Following vulnerability in multiple products
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
network
low complexity
eclipse fedoraproject apache netapp oracle CWE-59
2.7
2021-03-12 CVE-2021-28162 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Eclipse Theia
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so JavaScript code can run.
network
eclipse CWE-829
4.3
2021-03-12 CVE-2021-28161 Cross-site Scripting vulnerability in Eclipse Theia
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary JavaScript code can be injected.
network
eclipse CWE-79
4.3
2021-03-09 CVE-2020-27225 Missing Authentication for Critical Function vulnerability in Eclipse Platform
In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
local
low complexity
eclipse CWE-306
4.6
2021-02-26 CVE-2020-27223 Resource Exhaustion vulnerability in multiple products
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e.
network
low complexity
eclipse apache netapp debian oracle CWE-400
5.3