Vulnerabilities > Eclipse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-09 | CVE-2021-32834 | Expression Language Injection vulnerability in Eclipse Keti Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). | 9.9 |
| 2021-09-09 | CVE-2021-32835 | Unspecified vulnerability in Eclipse Keti Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). | 9.9 |
| 2021-09-02 | CVE-2021-34436 | XXE vulnerability in Eclipse Theia 0.1.1/0.2.0 In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. | 9.8 |
| 2021-09-01 | CVE-2021-34435 | Origin Validation Error vulnerability in Eclipse Theia In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. | 8.8 |
| 2021-08-30 | CVE-2021-34434 | Incorrect Authorization vulnerability in multiple products In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked. | 5.3 |
| 2021-08-23 | CVE-2020-18734 | Out-of-bounds Write vulnerability in Eclipse Cyclone Data Distribution Service 0.1.0 A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | 7.5 |
| 2021-08-23 | CVE-2020-18735 | Out-of-bounds Write vulnerability in Eclipse Cyclone Data Distribution Service 0.1.0 A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | 7.5 |
| 2021-08-20 | CVE-2021-34433 | Improper Verification of Cryptographic Signature vulnerability in Eclipse Californium In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange. | 7.5 |
| 2021-07-27 | CVE-2021-34432 | Unspecified vulnerability in Eclipse Mosquitto In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0. | 7.5 |
| 2021-07-22 | CVE-2021-34431 | Memory Leak vulnerability in Eclipse Mosquitto In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker. | 6.5 |