Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eclipse vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-34436
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default...
Eclipse Theia
7.1
CVSSv3
CVE-2020-14368
A flaw was found in Eclipse Che in versions before 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site We...
Eclipse Che
1 Github repository
7.5
CVSSv3
CVE-2018-20145
Eclipse Mosquitto 1.5.x prior to 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.
Eclipse Mosquitto
5.3
CVSSv3
CVE-2023-0809
In Mosquitto prior to 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
Eclipse Mosquitto
9.8
CVSSv3
CVE-2021-38441
Eclipse CycloneDDS versions before 0.8.0 are vulnerable to a write-what-where condition, which may allow an malicious user to write arbitrary values in the XML parser.
Eclipse Cyclonedds
7.8
CVSSv3
CVE-2020-27225
In versions 4.18 and previous versions of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local malicious user to issue active help commands to the associated Eclipse Platform process or...
Eclipse Platform
7.5
CVSSv3
CVE-2023-3592
In Mosquitto prior to 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
Eclipse Mosquitto
6.5
CVSSv3
CVE-2018-12546
In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this ma...
Eclipse Mosquitto
8.1
CVSSv3
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour ...
Eclipse Mosquitto
9.8
CVSSv3
CVE-2018-12542
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outsi...
Eclipse Vert.x
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »