Vulnerabilities > Eclipse > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-04-20 | CVE-2017-8315 | XXE vulnerability in Eclipse IDE 2017.2.5 | Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. | network | low | eclipse | CWE-611 | 7.5 |
| 2017-06-16 | CVE-2017-9735 | Information Exposure Through Discrepancy vulnerability in multiple products | Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. | network | low | eclipse, debian, oracle | CWE-203 | 7.5 |
| 2017-03-24 | CVE-2017-7243 | NULL Pointer Dereference vulnerability in Eclipse Tinydtls 0.8.2 | Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake. | network | low | eclipse | CWE-476 | 7.5 |
| 2016-10-07 | CVE-2015-2080 | Information Exposure vulnerability in multiple products | The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. | network | low | fedoraproject, eclipse | CWE-200 | 7.5 |