Eclipse vulnerabilities and exploits
4.3
CVSSv2
CVE-2019-17632
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output.
Eclipse Jetty 9.4.21
Eclipse Jetty 9.4.22
Eclipse Jetty 9.4.23
6.8
CVSSv2
CVE-2019-10249
All Xtext & Xtend versions before 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
Eclipse Xtend
Eclipse Xtext
6.8
CVSSv2
CVE-2019-10240
Eclipse hawkBit versions before 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
Eclipse Hawkbit
Eclipse Hawkbit 0.3.0
NA
CVE-2023-41034
Eclipse Leshan is a device management server and client Java implementation. In affected versions `DDFFileParser` and `DefaultDDFFileValidator` (and so `ObjectLoader`) are vulnerable to `XXE Attacks`. A DDF file is a LWM2M format used to store LWM2M object description. Leshan user...
Eclipse Leshan 2.0.0
Eclipse Leshan
NA
CVE-2022-36022
Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affe...
Eclipse Deeplearning4j
Eclipse Deeplearning4j 1.0.0
6.8
CVSSv2
CVE-2021-41033
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installati...
Eclipse Equinox
Eclipse Equinox 4.21
5
CVSSv2
CVE-2021-34430
Eclipse TinyDTLS up to and including 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote malicious users to compute the master key and then decrypt DTLS traffic.
Eclipse Tinydtls 0.9
Eclipse Tinydtls
5
CVSSv2
CVE-2021-34433
In Eclipse Californium versions 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate-based (x509 and RPK) DTLS handshakes accidentally succeed without verifying the server side's signature on the client side, if that signature is not included in the server's ServerK...
Eclipse Californium 3.0.0
Eclipse Californium
4.3
CVSSv2
CVE-2020-27219
In all versions of Eclipse Hawkbit before 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non-existing resource will return the full path from the given URL unescaped...
Eclipse Hawkbit
Eclipse Hawkbit 0.3.0
9
CVSSv2
CVE-2020-27220
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command targe...
Eclipse Hono 1.5.0
Eclipse Hono