Vulnerabilities > Eclipse > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-14 | CVE-2024-6762 | Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Jetty Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. | 6.5 |
| 2024-10-14 | CVE-2024-6763 | Unspecified vulnerability in Eclipse Jetty Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . | 5.3 |
| 2024-10-14 | CVE-2024-8184 | Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Jetty There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. | 6.5 |
| 2024-09-30 | CVE-2024-9329 | Open Redirect vulnerability in Eclipse Glassfish In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. | 6.1 |
| 2024-09-11 | CVE-2024-8646 | Open Redirect vulnerability in Eclipse Glassfish In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/'). | 6.1 |
| 2023-11-15 | CVE-2023-5676 | Race Condition vulnerability in Eclipse Openj9 In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. | 5.9 |
| 2023-11-09 | CVE-2023-4218 | XXE vulnerability in Eclipse IDE In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. | 5.0 |
| 2023-10-02 | CVE-2023-0809 | Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Mosquitto In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. | 5.3 |
| 2023-09-15 | CVE-2023-41900 | Improper Authentication vulnerability in multiple products Jetty is a Java based web server and servlet engine. | 4.3 |
| 2023-09-15 | CVE-2023-40167 | Improper Handling of Length Parameter Inconsistency vulnerability in multiple products Jetty is a Java based web server and servlet engine. | 5.3 |