Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eclipse vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-41038
In versions of the @theia/plugin-ext component of Eclipse Theia before 1.18.0, Webview contents can be hijacked via postMessage().
Eclipse Theia
5
CVSSv2
CVE-2019-10242
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.
Eclipse Kura
5
CVSSv2
CVE-2019-10243
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an malicious user to specifically craft attacks to the web server run by Kura.
Eclipse Kura
5
CVSSv2
CVE-2021-34432
In Eclipse Mosquitto versions 2.07 and previous versions, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.
Eclipse Mosquitto
1 Github repository
6.5
CVSSv2
CVE-2021-32834
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerabilit...
Eclipse Keti -
4.9
CVSSv2
CVE-2020-10689
A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge ...
Eclipse Che
NA
CVE-2023-32081
Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame r...
Eclipse Vert.x Stomp
NA
CVE-2023-24815
Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an ...
Eclipse Vert.x-web
NA
CVE-2023-6194
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entit...
Eclipse Memory Analyzer
7.8
CVSSv2
CVE-2017-8315
Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and previous versions was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.
Eclipse Ide 2017.2.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »