Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2021-11-10 CVE-2021-41038 Unspecified vulnerability in Eclipse Theia
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
network
eclipse
4.3
2021-11-03 CVE-2021-41036 Out-of-bounds Write vulnerability in Eclipse Paho Mqtt C/C++ Client
In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket.
network
low complexity
eclipse CWE-787
7.5
2021-10-25 CVE-2021-41035 Unspecified vulnerability in Eclipse Openj9
In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
network
low complexity
eclipse
7.5
2021-09-29 CVE-2021-41034 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Eclipse CHE
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint.
network
eclipse CWE-924
6.8
2021-09-13 CVE-2021-41033 Unspecified vulnerability in Eclipse Equinox 4.21
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.
network
eclipse
6.8
2021-09-09 CVE-2021-32835 Protection Mechanism Failure vulnerability in Eclipse Keti
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC).
network
low complexity
eclipse CWE-693
6.5
2021-09-09 CVE-2021-32834 Code Injection vulnerability in Eclipse Keti
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC).
network
low complexity
eclipse CWE-94
6.5
2021-09-02 CVE-2021-34436 XXE vulnerability in Eclipse Theia 0.1.1/0.2.0
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension.
network
low complexity
eclipse CWE-611
7.5
2021-09-01 CVE-2021-34435 Exposure of Resource to Wrong Sphere vulnerability in Eclipse Theia
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE.
network
eclipse CWE-668
6.8
2021-08-30 CVE-2021-34434 Incorrect Authorization vulnerability in multiple products
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
network
low complexity
eclipse fedoraproject CWE-863
5.0