Vulnerabilities > Eclipse > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-09 | CVE-2020-27225 | Missing Authentication for Critical Function vulnerability in Eclipse Platform: In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | 7.8 |
2021-02-03 | CVE-2020-27222 | Unspecified vulnerability in Eclipse Californium: In Eclipse Californium version 2.3.0 to 2.6.0, the certificate-based (x509 and RPK) DTLS handshakes accidentally fail, because the DTLS server side sticks to a wrong internal state. | 7.5 |
2021-01-20 | CVE-2020-35217 | Cross-Site Request Forgery (CSRF) vulnerability in Eclipse Vert.X-Web 4.0.0: Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. | 8.8 |
2021-01-14 | CVE-2020-27220 | Missing Authorization vulnerability in Eclipse Hono: The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. | 8.8 |
2020-12-14 | CVE-2020-14368 | Cross-Site Request Forgery (CSRF) vulnerability in Eclipse CHE: A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. | 7.1 |
2020-11-13 | CVE-2020-27217 | Unspecified vulnerability in Eclipse Hono 1.3.0/1.4.0: In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. | 7.5 |
2020-10-23 | CVE-2020-27216 | In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix-like systems, the system's temporary directory is shared between all users on that system. | 7.0 |
2020-07-15 | CVE-2019-17637 | XXE vulnerability in multiple products: In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. | 7.1 |
2020-03-10 | CVE-2019-17636 | Insufficient Verification of Data Authenticity vulnerability in Eclipse Theia: In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. | 8.1 |
2020-01-17 | CVE-2019-17635 | Deserialization of Untrusted Data vulnerability in Eclipse Memory Analyzer: Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. | 7.8 |