Vulnerabilities > Eclipse > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-5763 Improper Control of Dynamically-Managed Code Resources vulnerability in Eclipse Glassfish 5.1.0/6.0.0/6.2.5
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
network
low complexity
eclipse CWE-913
critical
9.8
2023-09-21 CVE-2023-4760 Path Traversal vulnerability in Eclipse Remote Application Platform
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method.
network
low complexity
eclipse CWE-22
critical
9.8
2023-08-31 CVE-2023-41034 Unspecified vulnerability in Eclipse Leshan
Eclipse Leshan is a device management server and client Java implementation.
network
low complexity
eclipse
critical
9.8
2023-05-22 CVE-2023-2597 Out-of-bounds Read vulnerability in Eclipse Openj9
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.
network
low complexity
eclipse CWE-125
critical
9.1
2022-07-18 CVE-2015-8031 XXE vulnerability in Eclipse Hudson
Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks.
network
low complexity
eclipse CWE-611
critical
9.8
2022-05-05 CVE-2021-38441 Unspecified vulnerability in Eclipse Cyclonedds
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.
network
low complexity
eclipse
critical
9.8
2022-05-05 CVE-2021-38443 Unspecified vulnerability in Eclipse Cyclonedds
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
network
low complexity
eclipse
critical
9.8
2021-11-03 CVE-2021-41036 Out-of-bounds Write vulnerability in Eclipse Paho Mqtt C/C++ Client 1.0.0
In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket.
network
low complexity
eclipse CWE-787
critical
9.8
2021-10-25 CVE-2021-41035 Unspecified vulnerability in Eclipse Openj9
In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
network
low complexity
eclipse
critical
9.8
2021-09-09 CVE-2021-32834 Expression Language Injection vulnerability in Eclipse Keti
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC).
network
low complexity
eclipse CWE-917
critical
9.9