Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eclipse vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2712
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated malicious user to access critical data, such as co...
Eclipse Glassfish
NA
CVE-2023-0809
In Mosquitto prior to 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
Eclipse Mosquitto
NA
CVE-2022-39368
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions before 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the thr...
Eclipse Californium
4.3
CVSSv2
CVE-2021-28162
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.
Eclipse Theia
4
CVSSv2
CVE-2021-28166
In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.
Eclipse Mosquitto
1 Github repository
7.5
CVSSv2
CVE-2021-38443
Eclipse CycloneDDS versions before 0.8.0 improperly handle invalid structures, which may allow an malicious user to write arbitrary values in the XML parser.
Eclipse Cyclonedds
NA
CVE-2023-5632
In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack....
Eclipse Mosquitto
NA
CVE-2023-5763
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote malicious users to load malicious code on the server via access to insecure ORB listeners.
Eclipse Glassfish
7.5
CVSSv2
CVE-2014-9390
Git prior to 1.8.5.6, 1.9.x prior to 1.9.5, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 on Windows and OS X; Mercurial prior to 3.2.3 on Windows and OS X; Apple Xcode prior to 6.2 beta 3; mine all versions prior to 08-12-2014; libgit2 all versions up to 0...
Git-scm Git
Mercurial Mercurial
Apple Xcode 6.2
Apple Xcode
Eclipse Egit
Libgit2 Libgit2
Eclipse Jgit
2 Metasploit modules
4 Github repositories
8.5
CVSSv2
CVE-2019-17634
Eclipse Memory Analyzer version 1.9.1 and previous versions is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem...
Eclipse Memory Analyzer
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »