Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eclipse vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-34431
In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.
Eclipse Mosquitto
446
VMScore
CVE-2021-34429
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-281...
Eclipse Jetty
Netapp Snap Creator Framework -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp E-series Santricity Web Services -
Netapp Snapcenter Plug-in -
Netapp E-series Santricity Os Controller
Netapp Element Plug-in For Vcenter Server -
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Retail Eftlink 20.0.1
Oracle Communications Cloud Native Core Binding Support Function 1.10.0
Oracle Communications Diameter Signaling Router
Oracle Communications Cloud Native Core Unified Data Repository 1.14.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.5.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Oracle Rest Data Services
Oracle Stream Analytics
Oracle Stream Analytics 19c
2 Github repositories
445
VMScore
CVE-2021-34430
Eclipse TinyDTLS up to and including 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote malicious users to compute the master key and then decrypt DTLS traffic.
Eclipse Tinydtls
Eclipse Tinydtls 0.9
668
VMScore
CVE-2021-34427
In Eclipse BIRT versions 4.8.0 and previous versions, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
Eclipse Business Intelligence And Reporting Tools
321
VMScore
CVE-2021-34428
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this c...
Eclipse Jetty
Debian Debian Linux 10.0
Netapp Snap Creator Framework -
Netapp Santricity Cloud Connector -
Netapp Snapmanager -
Netapp E-series Santricity Web Services -
Netapp Active Iq Unified Manager -
Netapp E-series Santricity Os Controller
Netapp Element Plug-in For Vcenter Server -
Oracle Communications Services Gatekeeper 7.0
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Siebel Core - Automation
Oracle Communications Session Route Manager
Oracle Communications Element Manager 8.2.2
Oracle Rest Data Services
Oracle Communications Session Report Manager
446
VMScore
CVE-2021-28169
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the we...
Eclipse Jetty
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Rest Data Services
Oracle Communications Cloud Native Core Policy 1.14.0
Netapp Snap Creator Framework -
Netapp Hci -
Netapp Active Iq Unified Manager -
Netapp Management Services For Element Software -
2 Github repositories
383
VMScore
CVE-2020-6950
Directory traversal in Eclipse Mojarra prior to 2.3.14 allows malicious users to read arbitrary files via the loc parameter or con parameter.
Eclipse Mojarra
Oracle Solaris Cluster 4.0
Oracle Banking Platform 2.6.2
Oracle Banking Platform 2.7.1
Oracle Banking Platform 2.9.0
Oracle Communications Network Integrity 7.3.6
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Banking Platform 2.12.0
Oracle Banking Enterprise Default Management 2.12.0
Oracle Banking Enterprise Default Management 2.10.0
Oracle Retail Merchandising System 19.0.1
Oracle Hyperion Calculation Manager
Oracle Time And Labor
445
VMScore
CVE-2021-28170
In the Jakarta Expression Language implementation 3.0.3 and previous versions, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
Eclipse Jakarta Expression Language
Quarkus Quarkus
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Weblogic Server 14.1.1.0.0
188
VMScore
CVE-2021-28168
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents...
Eclipse Jersey
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 1.15.0
570
VMScore
CVE-2021-28167
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, a...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »