Vulnerabilities > Eclipse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2021-41038 | Unspecified vulnerability in Eclipse Theia In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage(). network eclipse | 4.3 |
| 2021-11-03 | CVE-2021-41036 | Out-of-bounds Write vulnerability in Eclipse Paho Mqtt C/C++ Client In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket. | 7.5 |
| 2021-10-25 | CVE-2021-41035 | Unspecified vulnerability in Eclipse Openj9 In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. | 7.5 |
| 2021-09-29 | CVE-2021-41034 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Eclipse CHE The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. | 6.8 |
| 2021-09-13 | CVE-2021-41033 | Unspecified vulnerability in Eclipse Equinox 4.21 In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code. network eclipse | 6.8 |
| 2021-09-09 | CVE-2021-32834 | Expression Language Injection vulnerability in Eclipse Keti Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). | 6.5 |
| 2021-09-09 | CVE-2021-32835 | Protection Mechanism Failure vulnerability in Eclipse Keti Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). | 6.5 |
| 2021-09-02 | CVE-2021-34436 | XXE vulnerability in Eclipse Theia 0.1.1/0.2.0 In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. | 7.5 |
| 2021-09-01 | CVE-2021-34435 | Origin Validation Error vulnerability in Eclipse Theia In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. | 8.8 |
| 2021-08-30 | CVE-2021-34434 | Incorrect Authorization vulnerability in multiple products In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked. | 5.3 |