Vulnerabilities > Eclipse > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-09 CVE-2020-27225 Missing Authentication for Critical Function vulnerability in Eclipse Platform
In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
local
low complexity
eclipse CWE-306
7.8
2021-02-03 CVE-2020-27222 Unspecified vulnerability in Eclipse Californium
In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state.
network
low complexity
eclipse
7.5
2021-01-20 CVE-2020-35217 Cross-Site Request Forgery (CSRF) vulnerability in Eclipse Vert.X-Web 4.0.0
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification.
network
low complexity
eclipse CWE-352
8.8
2021-01-14 CVE-2020-27220 Missing Authorization vulnerability in Eclipse Hono
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device.
network
low complexity
eclipse CWE-862
8.8
2020-12-14 CVE-2020-14368 Unspecified vulnerability in Eclipse CHE
A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces.
network
high complexity
eclipse
7.1
2020-11-13 CVE-2020-27217 Unspecified vulnerability in Eclipse Hono 1.3.0/1.4.0
In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices.
network
low complexity
eclipse
7.5
2020-10-23 CVE-2020-27216 In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system.
local
high complexity
eclipse netapp oracle apache debian
7.0
2020-07-15 CVE-2019-17637 XXE vulnerability in multiple products
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.
local
low complexity
eclipse debian CWE-611
7.1
2020-03-10 CVE-2019-17636 Insufficient Verification of Data Authenticity vulnerability in Eclipse Theia
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com.
network
low complexity
eclipse CWE-345
8.1
2020-01-17 CVE-2019-17635 Deserialization of Untrusted Data vulnerability in Eclipse Memory Analyzer
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer.
local
low complexity
eclipse CWE-502
7.8