Filtered by vendor Eclipse
Total: 141 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-0673 | Eclipse | Lemminx | 2022-02-25 | 6.4 MEDIUM | 6.5 MEDIUM | A flaw was found in LemMinX in versions prior to 0.19.0: cache poisoning of external schema files due to directory traversal.
CVE-2022-0672 | Eclipse | Lemminx | 2022-02-25 | 2.1 LOW | 5.5 MEDIUM | A flaw was found in LemMinX in versions prior to 0.19.0. An insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user.
CVE-2021-41040 | Eclipse | Wakaama | 2022-02-04 | 5.0 MEDIUM | 7.5 HIGH | In Eclipse Wakaama, from its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data.
CVE-2020-10689 | Eclipse | Che | 2021-12-20 | 4.9 MEDIUM | 6.8 MEDIUM | A flaw was found in Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass the JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.
CVE-2021-41039 | Eclipse | Mosquitto | 2021-12-03 | 5.0 MEDIUM | 7.5 HIGH | In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
CVE-2021-41038 | Eclipse | Theia | 2021-11-12 | 4.3 MEDIUM | 6.1 MEDIUM | In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
CVE-2021-41036 | Eclipse | Paho MQTT C/C++ Client | 2021-11-04 | 7.5 HIGH | 9.8 CRITICAL | In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check the rem_len size in readpacket.
CVE-2017-7655 | Debian, Eclipse | Debian Linux, Mosquitto | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH | In Eclipse Mosquitto versions 1.0 to 1.4.15, a NULL dereference vulnerability was found in the Mosquitto library which could lead to crashes for applications using the library.
CVE-2019-11779 | Canonical, Debian, Eclipse and 2 more | Ubuntu Linux, Debian Linux, Mosquitto and 3 more | 2021-10-28 | 4.0 MEDIUM | 6.5 MEDIUM | In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters (the topic hierarchy separator), a stack overflow will occur.
CVE-2019-10240 | Eclipse | Hawkbit | 2021-10-28 | 6.8 MEDIUM | 8.1 HIGH | Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin-based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack; hence the build artifacts produced by hawkBit might be infected.
CVE-2019-10245 | Eclipse, Redhat | Openj9, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2021-10-28 | 5.0 MEDIUM | 7.5 HIGH | In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of the bytecode array, causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
CVE-2019-11773 | Eclipse | Omr | 2021-10-28 | 4.4 MEDIUM | 7.8 HIGH | Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
CVE-2021-41035 | Eclipse | Openj9 | 2021-10-27 | 7.5 HIGH | 9.8 CRITICAL | In Eclipse OpenJ9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
CVE-2021-41034 | Eclipse | Che | 2021-10-07 | 6.8 MEDIUM | 8.1 HIGH | The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence, the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.
CVE-2021-41033 | Eclipse | Equinox | 2021-09-24 | 6.8 MEDIUM | 8.1 HIGH | In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to a man-in-the-middle attack if using p2 repositories served over HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.
CVE-2020-27223 | Apache, Debian, Eclipse and 2 more | Nifi, Solr, Spark and 13 more | 2021-09-16 | 4.3 MEDIUM | 5.3 MEDIUM | In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of "quality" (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage, with minutes of CPU time exhausted processing those quality values.
CVE-2021-32835 | Eclipse | Keti | 2021-09-16 | 6.5 MEDIUM | 9.9 CRITICAL | Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a sandbox escape vulnerability may lead to post-authentication remote code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.
CVE-2021-34436 | Eclipse | Theia | 2021-09-14 | 7.5 HIGH | 9.8 CRITICAL | In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) to provide language support for XML, and it is installed by default.
CVE-2020-18735 | Eclipse | Cyclone Data Distribution Service | 2021-08-30 | 5.0 MEDIUM | 7.5 HIGH | A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
CVE-2020-18734 | Eclipse | Cyclone Data Distribution Service | 2021-08-30 | 5.0 MEDIUM | 7.5 HIGH | A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.