Vulnerabilities > Eclipse > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-15 | CVE-2023-36479 | Improper Neutralization of Quoting Syntax vulnerability in multiple products. Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. | 4.3 |
2023-05-12 | CVE-2023-32081 | Improper Authentication vulnerability in Eclipse Vert.X Stomp. Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. | 6.5 |
2023-04-18 | CVE-2023-26048 | Resource Exhaustion vulnerability in Eclipse Jetty. Jetty is a Java-based web server and servlet engine. | 5.3 |
2023-04-18 | CVE-2023-26049 | Information Exposure vulnerability in multiple products. Jetty is a Java-based web server and servlet engine. | 5.3 |
2023-02-09 | CVE-2023-24815 | Path Traversal vulnerability in Eclipse Vert.X-Web. Vert.x-Web is a set of building blocks for building web applications in the Java programming language. | 5.3 |
2022-11-10 | CVE-2022-36022 | Use of Insufficiently Random Values vulnerability in Eclipse Deeplearning4J. Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. | 5.3 |
2022-10-24 | CVE-2022-3676 | Type Confusion vulnerability in Eclipse Openj9. In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. | 6.5 |
2022-08-16 | CVE-2022-2838 | XXE vulnerability in Eclipse Sphinx. In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities, allowing the injection of arbitrary definitions that are able to access local files and expose their contents via HTTP requests. | 5.3 |
2022-07-07 | CVE-2021-41042 | XXE vulnerability in Eclipse LYO 1.0.0/4.1.0. In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. | 5.3 |
2022-04-27 | CVE-2021-41041 | Unchecked Return Value vulnerability in multiple products. In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | 5.3 |