Vulnerabilities > Eclipse > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-09-09 CVE-2021-32835 Unspecified vulnerability in Eclipse Keti
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC).
network
low complexity
eclipse
critical
9.9
2021-09-02 CVE-2021-34436 XXE vulnerability in Eclipse Theia 0.1.1/0.2.0
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension.
network
low complexity
eclipse CWE-611
critical
9.8
2021-06-25 CVE-2021-34427 Unrestricted Upload of File with Dangerous Type vulnerability in Eclipse Business Intelligence and Reporting Tools
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
network
low complexity
eclipse CWE-434
critical
9.8
2021-02-24 CVE-2020-27224 Cross-site Scripting vulnerability in Eclipse Theia
In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.
network
low complexity
eclipse CWE-79
critical
9.6
2021-01-21 CVE-2020-27221 Out-of-bounds Write vulnerability in Eclipse Openj9
In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
network
low complexity
eclipse CWE-787
critical
9.8
2020-10-15 CVE-2019-17640 Path Traversal vulnerability in Eclipse Vert.X
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory.
network
low complexity
eclipse CWE-22
critical
9.8
2020-07-09 CVE-2019-17638 Operation on a Resource after Expiration or Release vulnerability in Eclipse Jetty 9.4.27/9.4.28/9.4.29
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error.
network
low complexity
eclipse CWE-672
critical
9.4
2020-02-12 CVE-2014-9390 Improper Input Validation vulnerability in multiple products
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
network
low complexity
git-scm mercurial apple eclipse libgit2 CWE-20
critical
9.8
2020-01-17 CVE-2019-17634 Cross-site Scripting vulnerability in Eclipse Memory Analyzer
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump.
network
low complexity
eclipse CWE-79
critical
9.0
2019-10-17 CVE-2019-17631 Improper Privilege Management vulnerability in multiple products
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.
network
low complexity
eclipse redhat CWE-269
critical
9.1