Vulnerabilities > Eclipse > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-03 | CVE-2021-41036 | Out-of-bounds Write vulnerability in Eclipse Paho MQTT C/C++ Client 1.0.0 In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket. | 9.8 |
2021-10-25 | CVE-2021-41035 | Unspecified vulnerability in Eclipse OpenJ9 In Eclipse OpenJ9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. | 9.8 |
2021-09-09 | CVE-2021-32834 | Expression Language Injection vulnerability in Eclipse Keti Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). | 9.9 |
2021-09-09 | CVE-2021-32835 | Unspecified vulnerability in Eclipse Keti Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). | 9.9 |
2021-09-02 | CVE-2021-34436 | XXE vulnerability in Eclipse Theia 0.1.1/0.2.0 In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. | 9.8 |
2021-06-25 | CVE-2021-34427 | Unrestricted Upload of File with Dangerous Type vulnerability in Eclipse Business Intelligence and Reporting Tools In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file that is remotely accessible (current BIRT viewer dir) to inject JSP code into the running instance. | 9.8 |
2021-02-24 | CVE-2020-27224 | Cross-site Scripting vulnerability in Eclipse Theia In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview) can be exploited to execute arbitrary code. | 9.6 |
2021-01-21 | CVE-2020-27221 | Out-of-bounds Write vulnerability in Eclipse OpenJ9 In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. | 9.8 |
2020-10-15 | CVE-2019-17640 | Path Traversal vulnerability in Eclipse Vert.x In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly process backslashes on Windows operating systems, allowing escape from the webroot folder to the current working directory. | 9.8 |
2020-07-09 | CVE-2019-17638 | Operation on a Resource after Expiration or Release vulnerability in Eclipse Jetty 9.4.27/9.4.28/9.4.29 In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. | 9.4 |