Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

eclipse eclipse ide vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2024-0740
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03
5
CVSSv3
CVE-2023-4218
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
Eclipse Eclipse IdeEclipse PdeEclipse Org.eclipse.core.runtime
8.8
CVSSv3
CVE-2022-24441
The package snyk prior to 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privilege...
Snyk Snyk SecuritySnyk Snyk Language ServerSnyk Snyk Cli
8.8
CVSSv3
CVE-2021-34435
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a maliciou...
Eclipse Theia
7.1
CVSSv3
CVE-2020-14368
A flaw was found in Eclipse Che in versions before 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site We...
Eclipse Che
7.5
CVSSv3
CVE-2017-8315
Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and previous versions was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.
Eclipse Ide 2017.2.5
NA
CVE-2010-4647
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE prior to 3.6.2 allow remote malicious users to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content...
Eclipse Eclipse Ide 3.6Eclipse Eclipse Ide 3.0Eclipse Eclipse Ide 3.2Eclipse Eclipse Ide 2.1.2Eclipse Eclipse Ide 3.1Eclipse Eclipse Ide 3.3Eclipse Eclipse Ide 3.1.2Eclipse Eclipse Ide 3.4.1Eclipse Eclipse Ide 2.0Eclipse Eclipse Ide 2.0.1Eclipse Eclipse Ide 3.4.2Eclipse Eclipse Ide 3.3.1Eclipse Eclipse Ide 3.3.1.1Eclipse Eclipse Ide 3.5.1Eclipse Eclipse Ide 2.1.3Eclipse Eclipse Ide 3.5.2Eclipse Eclipse Ide 3.0.1Eclipse Eclipse Ide 2.1Eclipse Eclipse Ide 2.0.2Eclipse Eclipse Ide 1.0Eclipse Eclipse Ide 3.0.2Eclipse Eclipse Ide 3.2.2
NA
CVE-2008-7271
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote malicious users to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (...
Eclipse Eclipse IdeEclipse Eclipse Ide 3.3.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook