Vulnerabilities > Eclipse > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-11 CVE-2024-8376 Improper Handling of Exceptional Conditions vulnerability in Eclipse Mosquitto
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
network
low complexity
eclipse CWE-755
7.5
2024-09-11 CVE-2024-8642 Improper Authentication vulnerability in Eclipse Dataspace Components
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration.
network
low complexity
eclipse CWE-287
8.1
2024-09-04 CVE-2024-8391 Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Vert.X
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).  This is fixed in the 4.5.10 version.  Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)
network
low complexity
eclipse CWE-770
7.5
2023-12-11 CVE-2023-6194 XXE vulnerability in Eclipse Memory Analyzer
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.
local
low complexity
eclipse CWE-611
7.1
2023-11-03 CVE-2023-4043 Excessive Iteration vulnerability in Eclipse Parsson
In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.
network
low complexity
eclipse CWE-834
7.5
2023-10-18 CVE-2023-5632 Excessive Iteration vulnerability in Eclipse Mosquitto
In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption.
network
low complexity
eclipse CWE-834
7.5
2023-10-10 CVE-2023-36478 Eclipse Jetty provides a web server and servlet container.
network
low complexity
eclipse jenkins debian
7.5
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-10-02 CVE-2023-3592 Memory Leak vulnerability in Eclipse Mosquitto
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
network
low complexity
eclipse CWE-401
7.5
2023-09-12 CVE-2023-4759 Improper Handling of Case Sensitivity vulnerability in Eclipse Jgit
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier).
network
low complexity
eclipse CWE-178
8.8