Vulnerabilities > Eclipse > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-14 CVE-2024-6762 Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Jetty
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
network
low complexity
eclipse CWE-770
6.5
2024-10-14 CVE-2024-6763 Unspecified vulnerability in Eclipse Jetty
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine .
network
low complexity
eclipse
5.3
2024-10-14 CVE-2024-8184 Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Jetty
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack.
network
low complexity
eclipse CWE-770
6.5
2024-09-30 CVE-2024-9329 Open Redirect vulnerability in Eclipse Glassfish
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'.
network
low complexity
eclipse CWE-601
6.1
2024-09-11 CVE-2024-8646 Open Redirect vulnerability in Eclipse Glassfish
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').
network
low complexity
eclipse CWE-601
6.1
2023-11-15 CVE-2023-5676 Race Condition vulnerability in Eclipse Openj9
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.
network
high complexity
eclipse CWE-362
5.9
2023-11-09 CVE-2023-4218 XXE vulnerability in Eclipse IDE
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks.
local
low complexity
eclipse CWE-611
5.0
2023-10-02 CVE-2023-0809 Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Mosquitto
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
network
low complexity
eclipse CWE-770
5.3
2023-09-15 CVE-2023-41900 Improper Authentication vulnerability in multiple products
Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian CWE-287
4.3
2023-09-15 CVE-2023-40167 Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian
5.3