Vulnerabilities > Eclipse > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-07 | CVE-2024-4536 | Insufficiently Protected Credentials vulnerability in Eclipse EDC Connector In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component ( https://github.com/eclipse-edc/Connector ) regarding the OAuth2-protected data sink feature. | 5.3 |
| 2023-11-15 | CVE-2023-5676 | Race Condition vulnerability in Eclipse Openj9 In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. | 5.9 |
| 2023-11-09 | CVE-2023-4218 | XXE vulnerability in Eclipse IDE In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. | 5.0 |
| 2023-10-02 | CVE-2023-0809 | Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Mosquitto In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. | 5.3 |
| 2023-09-15 | CVE-2023-41900 | Improper Authentication vulnerability in multiple products Jetty is a Java based web server and servlet engine. | 4.3 |
| 2023-09-15 | CVE-2023-40167 | Jetty is a Java based web server and servlet engine. | 5.3 |
| 2023-09-15 | CVE-2023-36479 | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. | 4.3 |
| 2023-05-12 | CVE-2023-32081 | Unspecified vulnerability in Eclipse Vert.X Stomp Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. | 6.5 |
| 2023-04-18 | CVE-2023-26048 | Unspecified vulnerability in Eclipse Jetty Jetty is a java based web server and servlet engine. | 5.3 |
| 2023-04-18 | CVE-2023-26049 | Jetty is a java based web server and servlet engine. | 5.3 |