Vulnerabilities > Eclipse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-24 | CVE-2020-27224 | Cross-site Scripting vulnerability in Eclipse Theia In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code. | 9.3 |
| 2021-02-03 | CVE-2020-27222 | Unspecified vulnerability in Eclipse Californium In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. | 5.0 |
| 2021-01-21 | CVE-2020-27221 | Out-of-bounds Write vulnerability in Eclipse Openj9 In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. | 7.5 |
| 2021-01-20 | CVE-2020-35217 | Cross-Site Request Forgery (CSRF) vulnerability in Eclipse Vert.X-Web 4.0.0 Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. | 6.8 |
| 2021-01-14 | CVE-2020-27220 | Missing Authorization vulnerability in Eclipse Hono The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. | 9.0 |
| 2021-01-14 | CVE-2020-27219 | Cross-site Scripting vulnerability in Eclipse Hawkbit In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. | 4.3 |
| 2020-12-14 | CVE-2020-14368 | Cross-Site Request Forgery (CSRF) vulnerability in Eclipse CHE A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. | 4.6 |
| 2020-11-28 | CVE-2020-27218 | In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. | 4.8 |
| 2020-11-13 | CVE-2020-27217 | Unspecified vulnerability in Eclipse Hono 1.3.0/1.4.0 In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. | 5.0 |
| 2020-10-23 | CVE-2020-27216 | In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. | 7.0 |