Vulnerabilities > Eclipse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-11 | CVE-2024-8646 | Open Redirect vulnerability in Eclipse Glassfish In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/'). | 6.1 |
2024-09-04 | CVE-2024-8391 | Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Vert.x In Eclipse Vert.x versions 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in version 4.5.10. Note this does not affect the Vert.x gRPC server based on the grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc). | 7.5 |
2024-07-17 | CVE-2023-7272 | Out-of-bounds Write vulnerability in Eclipse Parsson In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. | 7.5 |
2024-05-27 | CVE-2024-3933 | Out-of-bounds Write vulnerability in Eclipse OpenJ9 In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arraycopy on the IBM Z platform with hardware and software support for guarded storage [1] could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. | 7.3 |
2024-05-23 | CVE-2024-5165 | Cross-site Scripting vulnerability in Eclipse Ditto In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting). Several inputs were not persisted at the backend of Eclipse Ditto, but only in local browser storage to save settings of "environments" of the UI and e.g. | 5.4 |
2024-05-07 | CVE-2024-4536 | Insufficiently Protected Credentials vulnerability in Eclipse EDC Connector In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component ( https://github.com/eclipse-edc/Connector ) regarding the OAuth2-protected data sink feature. | 5.3 |
2024-04-26 | CVE-2024-0740 | Command Injection vulnerability in Eclipse Target Management Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. | 9.8 |
2024-04-09 | CVE-2024-3046 | Unspecified vulnerability in Eclipse Kura In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. | 7.5 |
2024-03-26 | CVE-2024-2212 | Integer Overflow or Wraparound vulnerability in Eclipse Threadx In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. | 7.8 |
2024-03-26 | CVE-2024-2214 | Improper Validation of Array Index vulnerability in Eclipse Threadx In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. | 7.8 |