Vulnerabilities > Eclipse > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-18 | CVE-2019-11778 | Use After Free vulnerability in Eclipse Mosquitto If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations. | 5.4 |
| 2019-08-09 | CVE-2019-11776 | Cross-site Scripting vulnerability in Eclipse Business Intelligence and Reporting Tools In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. | 6.1 |
| 2019-04-22 | CVE-2019-10247 | Information Exposure vulnerability in multiple products In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. | 5.3 |
| 2019-04-22 | CVE-2019-10246 | Information Exposure vulnerability in multiple products In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. | 5.3 |
| 2019-04-22 | CVE-2019-10241 | Cross-site Scripting vulnerability in multiple products In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. | 6.1 |
| 2019-04-09 | CVE-2019-10243 | Information Exposure vulnerability in Eclipse Kura In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. | 5.3 |
| 2019-04-09 | CVE-2019-10242 | Path Traversal vulnerability in Eclipse Kura In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types. | 5.3 |
| 2019-03-27 | CVE-2018-12546 | Incorrect Permission Assignment for Critical Resource vulnerability in Eclipse Mosquitto In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. | 6.5 |
| 2018-10-10 | CVE-2018-12541 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Eclipse Vert.X In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. | 6.5 |
| 2018-08-14 | CVE-2018-12537 | Improper Input Validation vulnerability in Eclipse Vert.X In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. | 5.3 |