Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eclipse vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2018-12551
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clie...
Eclipse Mosquitto
2.1
CVSSv2
CVE-2022-0672
A flaw was found in LemMinX in versions before 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user.
Eclipse Lemminx
6.4
CVSSv2
CVE-2022-0673
A flaw was found in LemMinX in versions before 0.19.0. Cache poisoning of external schema files due to directory traversal.
Eclipse Lemminx
7.5
CVSSv2
CVE-2021-38441
Eclipse CycloneDDS versions before 0.8.0 are vulnerable to a write-what-where condition, which may allow an malicious user to write arbitrary values in the XML parser.
Eclipse Cyclonedds
7.5
CVSSv2
CVE-2021-38443
Eclipse CycloneDDS versions before 0.8.0 improperly handle invalid structures, which may allow an malicious user to write arbitrary values in the XML parser.
Eclipse Cyclonedds
4.6
CVSSv2
CVE-2020-14368
A flaw was found in Eclipse Che in versions before 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site We...
Eclipse Che
1 Github repository
6.8
CVSSv2
CVE-2021-41034
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks...
Eclipse Che
4.3
CVSSv2
CVE-2021-41038
In versions of the @theia/plugin-ext component of Eclipse Theia before 1.18.0, Webview contents can be hijacked via postMessage().
Eclipse Theia
5
CVSSv2
CVE-2021-41042
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an malicious user to cause an external DTD to be retrieved.
Eclipse Lyo
1 Github repository
5
CVSSv2
CVE-2022-2191
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
Eclipse Jetty
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »