Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eclipse vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2019-17633
For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local in...
Eclipse Che
1 Github repository
605
VMScore
CVE-2019-11770
In Eclipse Buildship versions before 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally,...
Eclipse Buildship
605
VMScore
CVE-2019-10249
All Xtext & Xtend versions before 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
Eclipse Xtend
Eclipse Xtext
605
VMScore
CVE-2019-10248
Eclipse Vorto versions before 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.
Eclipse Vorto
605
VMScore
CVE-2019-10240
Eclipse hawkBit versions before 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
Eclipse Hawkbit 0.3.0
Eclipse Hawkbit
605
VMScore
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour ...
Eclipse Mosquitto
605
VMScore
CVE-2018-12551
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clie...
Eclipse Mosquitto
580
VMScore
CVE-2018-12538
In Eclipse Jetty versions 9.4.0 up to and including 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions pre...
Eclipse Jetty
Netapp E-series Santricity Os Controller
Netapp Snap Creator Framework -
Netapp Hyper Converged Infrastructure -
Netapp Element Software -
Netapp Santricity Cloud Connector -
Netapp Snapcenter -
Netapp Oncommand Unified Manager -
Netapp E-series Santricity Management Plug-ins -
Netapp E-series Santricity Web Services Proxy -
Netapp Oncommand System Manager
Netapp Snapmanager -
578
VMScore
CVE-2021-32835
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of ...
Eclipse Keti -
578
VMScore
CVE-2021-32834
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerabilit...
Eclipse Keti -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »