Vulnerabilities > Eclipse

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor / CWE | Severity | CVSS score |
|---|---|---|---|---|---|---|---|---|
| 2021-09-29 | CVE-2021-41034 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Eclipse Che | The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. | network | high complexity | eclipse, CWE-924 | | 8.1 |
| 2021-09-13 | CVE-2021-41033 | Unspecified vulnerability in Eclipse Equinox 4.21 | In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to a man-in-the-middle attack if using p2 repos that are served over HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code. | network | high complexity | eclipse | | 8.1 |
| 2021-09-09 | CVE-2021-32834 | Expression Language Injection vulnerability in Eclipse Keti | Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). | network | low complexity | eclipse, CWE-917 | critical | 9.9 |
| 2021-09-09 | CVE-2021-32835 | Unspecified vulnerability in Eclipse Keti | Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). | network | low complexity | eclipse | critical | 9.9 |
| 2021-09-02 | CVE-2021-34436 | XXE vulnerability in Eclipse Theia 0.1.1/0.2.0 | In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. | network | low complexity | eclipse, CWE-611 | critical | 9.8 |
| 2021-09-01 | CVE-2021-34435 | Origin Validation Error vulnerability in Eclipse Theia | In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. | network | low complexity | eclipse, CWE-346 | | 8.8 |
| 2021-08-30 | CVE-2021-34434 | Incorrect Authorization vulnerability in multiple products | In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked while a durable client is offline, then existing subscriptions for that client are not revoked. | network | low complexity | eclipse, fedoraproject, CWE-863 | | 5.3 |
| 2021-08-23 | CVE-2020-18734 | Out-of-bounds Write vulnerability in Eclipse Cyclone Data Distribution Service 0.1.0 | A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IoT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | network | low complexity | eclipse, CWE-787 | | 7.5 |
| 2021-08-23 | CVE-2020-18735 | Out-of-bounds Write vulnerability in Eclipse Cyclone Data Distribution Service 0.1.0 | A heap buffer overflow in /src/dds_stream.c of Eclipse IoT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | network | low complexity | eclipse, CWE-787 | | 7.5 |
| 2021-08-20 | CVE-2021-34433 | Improper Verification of Cryptographic Signature vulnerability in Eclipse Californium | In Eclipse Californium versions 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate-based (x509 and RPK) DTLS handshakes accidentally succeed without the client verifying the server side's signature, if that signature is not included in the server's ServerKeyExchange. | network | low complexity | eclipse, CWE-347 | | 7.5 |