Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2021-38441 Write-what-where Condition vulnerability in Eclipse Cyclonedds
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.
network
low complexity
eclipse CWE-123
7.5
2022-05-05 CVE-2021-38443 Improper Handling of Syntactically Invalid Structure vulnerability in Eclipse Cyclonedds
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
network
low complexity
eclipse CWE-228
7.5
2022-04-27 CVE-2021-41041 Unchecked Return Value vulnerability in multiple products
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.
network
low complexity
eclipse oracle CWE-252
5.0
2022-02-18 CVE-2022-0672 Information Exposure vulnerability in Eclipse Lemminx
A flaw was found in LemMinX in versions prior to 0.19.0.
local
low complexity
eclipse CWE-200
2.1
2022-02-18 CVE-2022-0673 Path Traversal vulnerability in Eclipse Lemminx
A flaw was found in LemMinX in versions prior to 0.19.0.
network
low complexity
eclipse CWE-22
6.4
2022-02-01 CVE-2021-41040 Out-of-bounds Read vulnerability in Eclipse Wakaama 1.0
In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data.
network
low complexity
eclipse CWE-125
5.0
2021-12-01 CVE-2021-41039 Unspecified vulnerability in Eclipse Mosquitto
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
network
low complexity
eclipse
5.0
2021-11-10 CVE-2021-41038 Unspecified vulnerability in Eclipse Theia
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
network
eclipse
4.3
2021-11-03 CVE-2021-41036 Out-of-bounds Write vulnerability in Eclipse Paho Mqtt C/C++ Client
In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket.
network
low complexity
eclipse CWE-787
7.5
2021-10-25 CVE-2021-41035 Unspecified vulnerability in Eclipse Openj9
In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
network
low complexity
eclipse
7.5