Vulmon
eclipse eclipse ide vulnerabilities and exploits
NA
CVE-2024-0740
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03.
NA
CVE-2023-4218
In Eclipse IDE versions < 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example, to review a foreign repository or patch).
Eclipse Eclipse Ide
Eclipse Pde
Eclipse Org.eclipse.core.runtime
1 Github repository
NA
CVE-2022-24441
Versions of the package snyk prior to 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privilege...
Snyk Snyk Security
Snyk Snyk Language Server
Snyk Snyk Cli
6.8
CVSSv2
CVE-2021-34435
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a maliciou...
Eclipse Theia
4.6
CVSSv2
CVE-2020-14368
A flaw was found in Eclipse Che in versions before 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site We...
Eclipse Che
1 Github repository
4.3
CVSSv2
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
123 Github repositories
7.8
CVSSv2
CVE-2017-8315
Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and previous versions was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.
Eclipse Ide 2017.2.5
4.3
CVSSv2
CVE-2010-4647
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE prior to 3.6.2 allow remote malicious users to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content...
Eclipse Eclipse Ide 3.6
Eclipse Eclipse Ide 3.0
Eclipse Eclipse Ide 3.2
Eclipse Eclipse Ide 2.1.2
Eclipse Eclipse Ide 3.1
Eclipse Eclipse Ide 3.3
Eclipse Eclipse Ide 3.1.2
Eclipse Eclipse Ide 3.4.1
Eclipse Eclipse Ide 2.0
Eclipse Eclipse Ide 2.0.1
Eclipse Eclipse Ide 3.4.2
Eclipse Eclipse Ide 3.3.1
Eclipse Eclipse Ide 3.3.1.1
Eclipse Eclipse Ide 3.5.1
Eclipse Eclipse Ide 2.1.3
Eclipse Eclipse Ide 3.5.2
Eclipse Eclipse Ide 3.0.1
Eclipse Eclipse Ide 2.1
Eclipse Eclipse Ide 2.0.2
Eclipse Eclipse Ide 1.0
Eclipse Eclipse Ide 3.0.2
Eclipse Eclipse Ide 3.2.2
2 EDB exploits
4.3
CVSSv2
CVE-2008-7271
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote malicious users to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (...
Eclipse Eclipse Ide
Eclipse Eclipse Ide 3.3.2
2 EDB exploits