Vulnerabilities > Eclipse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-05 | CVE-2021-38441 | Unspecified vulnerability in Eclipse Cyclonedds Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. | 9.8 |
| 2022-05-05 | CVE-2021-38443 | Unspecified vulnerability in Eclipse Cyclonedds Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser. | 9.8 |
| 2022-04-27 | CVE-2021-41041 | Unchecked Return Value vulnerability in multiple products In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | 5.3 |
| 2022-02-18 | CVE-2022-0672 | Information Exposure vulnerability in Eclipse Lemminx A flaw was found in LemMinX in versions prior to 0.19.0. | 5.5 |
| 2022-02-18 | CVE-2022-0673 | Path Traversal vulnerability in Eclipse Lemminx A flaw was found in LemMinX in versions prior to 0.19.0. | 6.5 |
| 2022-02-01 | CVE-2021-41040 | Out-of-bounds Read vulnerability in Eclipse Wakaama 1.0 In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data. | 7.5 |
| 2021-12-01 | CVE-2021-41039 | Unspecified vulnerability in Eclipse Mosquitto In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. | 7.5 |
| 2021-11-10 | CVE-2021-41038 | Unspecified vulnerability in Eclipse Theia In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage(). | 6.1 |
| 2021-11-03 | CVE-2021-41036 | Out-of-bounds Write vulnerability in Eclipse Paho Mqtt C/C++ Client 1.0.0 In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket. | 9.8 |
| 2021-10-25 | CVE-2021-41035 | Unspecified vulnerability in Eclipse Openj9 In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. | 9.8 |