Vulnerabilities > Eclipse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-09 | CVE-2019-10243 | Information Exposure vulnerability in Eclipse Kura In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. | 5.3 |
| 2019-04-09 | CVE-2019-10242 | Path Traversal vulnerability in Eclipse Kura In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types. | 5.3 |
| 2019-04-03 | CVE-2019-10240 | Cleartext Transmission of Sensitive Information vulnerability in Eclipse Hawkbit Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. | 8.1 |
| 2019-03-27 | CVE-2018-12545 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. | 7.5 |
| 2019-03-27 | CVE-2017-7655 | NULL Pointer Dereference vulnerability in multiple products In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. | 7.5 |
| 2019-03-27 | CVE-2018-12551 | Improper Authentication vulnerability in Eclipse Mosquitto When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. | 8.1 |
| 2019-03-27 | CVE-2018-12550 | Unspecified vulnerability in Eclipse Mosquitto When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. | 8.1 |
| 2019-03-27 | CVE-2018-12546 | Incorrect Permission Assignment for Critical Resource vulnerability in Eclipse Mosquitto In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. | 6.5 |
| 2019-02-22 | CVE-2019-9004 | Memory Leak vulnerability in Eclipse Wakaama 1.0 In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. | 7.5 |
| 2019-02-11 | CVE-2018-12549 | Improper Input Validation vulnerability in multiple products In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. | 9.8 |