Vulnerabilities > Eclipse > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2023-5763 | Improper Control of Dynamically-Managed Code Resources vulnerability in Eclipse Glassfish 5.1.0/6.0.0/6.2.5 In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners. | 9.8 |
| 2023-09-21 | CVE-2023-4760 | Path Traversal vulnerability in Eclipse Remote Application Platform In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. | 9.8 |
| 2023-08-31 | CVE-2023-41034 | XXE vulnerability in Eclipse Leshan Eclipse Leshan is a device management server and client Java implementation. | 9.8 |
| 2023-05-22 | CVE-2023-2597 | Out-of-bounds Read vulnerability in Eclipse Openj9 In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. | 9.1 |
| 2022-07-18 | CVE-2015-8031 | XXE vulnerability in Eclipse Hudson Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks. | 9.8 |
| 2022-05-05 | CVE-2021-38441 | Write-what-where Condition vulnerability in Eclipse Cyclonedds Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. | 9.8 |
| 2022-05-05 | CVE-2021-38443 | Improper Handling of Syntactically Invalid Structure vulnerability in Eclipse Cyclonedds Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser. | 9.8 |
| 2021-11-03 | CVE-2021-41036 | Out-of-bounds Write vulnerability in Eclipse Paho Mqtt C/C++ Client 1.0.0 In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket. | 9.8 |
| 2021-10-25 | CVE-2021-41035 | Unspecified vulnerability in Eclipse Openj9 In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. | 9.8 |
| 2021-09-09 | CVE-2021-32834 | Expression Language Injection vulnerability in Eclipse Keti Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). | 9.9 |