Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2021-10-25 CVE-2021-41035 Unspecified vulnerability in Eclipse Openj9
In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
network
low complexity
eclipse
critical
9.8
2021-09-29 CVE-2021-41034 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Eclipse CHE
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint.
network
eclipse CWE-924
6.8
2021-09-13 CVE-2021-41033 Unspecified vulnerability in Eclipse Equinox 4.21
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.
network
eclipse
6.8
2021-09-09 CVE-2021-32834 Expression Language Injection vulnerability in Eclipse Keti
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC).
network
low complexity
eclipse CWE-917
6.5
2021-09-09 CVE-2021-32835 Protection Mechanism Failure vulnerability in Eclipse Keti
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC).
network
low complexity
eclipse CWE-693
6.5
2021-09-02 CVE-2021-34436 XXE vulnerability in Eclipse Theia 0.1.1/0.2.0
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension.
network
low complexity
eclipse CWE-611
7.5
2021-09-01 CVE-2021-34435 Origin Validation Error vulnerability in Eclipse Theia
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE.
network
low complexity
eclipse CWE-346
8.8
2021-08-30 CVE-2021-34434 Incorrect Authorization vulnerability in multiple products
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
network
low complexity
eclipse fedoraproject CWE-863
5.3
2021-08-23 CVE-2020-18734 Out-of-bounds Write vulnerability in Eclipse Cyclone Data Distribution Service 0.1.0
A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
network
low complexity
eclipse CWE-787
5.0
2021-08-23 CVE-2020-18735 Out-of-bounds Write vulnerability in Eclipse Cyclone Data Distribution Service 0.1.0
A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
network
low complexity
eclipse CWE-787
5.0