Vulnerabilities > Eclipse > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-05-07 CVE-2024-4536 Insufficiently Protected Credentials vulnerability in Eclipse EDC Connector
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component ( https://github.com/eclipse-edc/Connector ) regarding the OAuth2-protected data sink feature.
high complexity
eclipse CWE-522
5.3
2023-11-15 CVE-2023-5676 Race Condition vulnerability in Eclipse Openj9
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.
network
high complexity
eclipse CWE-362
5.9
2023-11-09 CVE-2023-4218 XXE vulnerability in Eclipse IDE
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks.
local
low complexity
eclipse CWE-611
5.0
2023-10-02 CVE-2023-0809 Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Mosquitto
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
network
low complexity
eclipse CWE-770
5.3
2023-09-15 CVE-2023-41900 Improper Authentication vulnerability in multiple products
Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian CWE-287
4.3
2023-09-15 CVE-2023-40167 Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian
5.3
2023-09-15 CVE-2023-36479 Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project.
network
low complexity
eclipse debian
4.3
2023-05-12 CVE-2023-32081 Unspecified vulnerability in Eclipse Vert.X Stomp
Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client.
network
low complexity
eclipse
6.5
2023-04-18 CVE-2023-26048 Unspecified vulnerability in Eclipse Jetty
Jetty is a java based web server and servlet engine.
network
low complexity
eclipse
5.3
2023-04-18 CVE-2023-26049 Jetty is a java based web server and servlet engine.
network
low complexity
eclipse debian netapp
5.3