Vulnerabilities > Eclipse > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-10 | CVE-2022-36022 | Use of Insufficiently Random Values vulnerability in Eclipse Deeplearning4J Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. | 5.3 |
| 2022-10-24 | CVE-2022-3676 | Type Confusion vulnerability in Eclipse Openj9 In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. | 6.5 |
| 2022-08-16 | CVE-2022-2838 | XXE vulnerability in Eclipse Sphinx In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests. | 5.3 |
| 2022-07-07 | CVE-2021-41042 | XXE vulnerability in Eclipse LYO 1.0.0/4.1.0 In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. | 5.3 |
| 2022-04-27 | CVE-2021-41041 | Unchecked Return Value vulnerability in multiple products In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | 5.3 |
| 2022-02-18 | CVE-2022-0672 | Information Exposure vulnerability in Eclipse Lemminx A flaw was found in LemMinX in versions prior to 0.19.0. | 5.5 |
| 2022-02-18 | CVE-2022-0673 | Path Traversal vulnerability in Eclipse Lemminx A flaw was found in LemMinX in versions prior to 0.19.0. | 6.5 |
| 2021-11-10 | CVE-2021-41038 | Unspecified vulnerability in Eclipse Theia In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage(). | 6.1 |
| 2021-08-30 | CVE-2021-34434 | Incorrect Authorization vulnerability in multiple products In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked. | 5.3 |
| 2021-07-22 | CVE-2021-34431 | Memory Leak vulnerability in Eclipse Mosquitto In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker. | 6.5 |