Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eclipse vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-38441
Eclipse CycloneDDS versions before 0.8.0 are vulnerable to a write-what-where condition, which may allow an malicious user to write arbitrary values in the XML parser.
Eclipse Cyclonedds
10
CVSSv2
CVE-2017-7649
The network enabled distribution of Kura prior to 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unenc...
Eclipse Kura
NA
CVE-2022-2576
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplificatio...
Eclipse Californium
4.3
CVSSv2
CVE-2021-28161
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
Eclipse Theia
7.5
CVSSv2
CVE-2021-38443
Eclipse CycloneDDS versions before 0.8.0 improperly handle invalid structures, which may allow an malicious user to write arbitrary values in the XML parser.
Eclipse Cyclonedds
7.5
CVSSv2
CVE-2021-34436
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default...
Eclipse Theia
7.5
CVSSv2
CVE-2018-12548
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.
Eclipse Openj9 0.11.0
5
CVSSv2
CVE-2021-41040
In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data.
Eclipse Wakaama 1.0
3 Github repositories
6.4
CVSSv2
CVE-2018-20227
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
Eclipse Rdf4j 2.4.2
NA
CVE-2023-24815
Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an ...
Eclipse Vert.x-web
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »