Vulnerabilities > Eclipse > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-09 | CVE-2021-32835 | Protection Mechanism Failure vulnerability in Eclipse Keti: Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). | 9.9 |
2021-09-02 | CVE-2021-34436 | XXE vulnerability in Eclipse Theia 0.1.1/0.2.0: In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. | 9.8 |
2021-06-25 | CVE-2021-34427 | Unrestricted Upload of File with Dangerous Type vulnerability in Eclipse Business Intelligence and Reporting Tools: In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. | 9.8 |
2021-02-24 | CVE-2020-27224 | Cross-site Scripting vulnerability in Eclipse Theia: In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview) can be exploited to execute arbitrary code. | 9.6 |
2021-01-21 | CVE-2020-27221 | Out-of-bounds Write vulnerability in Eclipse OpenJ9: In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. | 9.8 |
2020-10-15 | CVE-2019-17640 | Path Traversal vulnerability in Eclipse Vert.x: In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly process backslashes on Windows operating systems, allowing escape from the webroot folder to the current working directory. | 9.8 |
2020-07-09 | CVE-2019-17638 | Operation on a Resource after Expiration or Release vulnerability in Eclipse Jetty 9.4.27/9.4.28/9.4.29: In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. | 9.4 |
2020-02-12 | CVE-2014-9390 | Improper Input Validation vulnerability in multiple products: Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. | 9.8 |
2020-01-17 | CVE-2019-17634 | Cross-site Scripting vulnerability in Eclipse Memory Analyzer: Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. | 9.0 |
2019-10-17 | CVE-2019-17631 | Improper Privilege Management vulnerability in multiple products: From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file is permitted without any privilege checks. | 9.1 |