Vulnerabilities > Eclipse > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-30 CVE-2024-10525 Out-of-bounds Write vulnerability in Eclipse Mosquitto
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make an out-of-bounds memory access when acting in its on_subscribe callback.
network
low complexity
eclipse CWE-787
critical
9.8
2024-04-26 CVE-2024-0740 Command Injection vulnerability in Eclipse Target Management
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication.
network
low complexity
eclipse CWE-77
critical
9.8
2024-03-26 CVE-2024-2452 Integer Overflow or Wraparound vulnerability in Eclipse Threadx Netx DUO
In Eclipse ThreadX NetX Duo before 6.4.0, an attacker who can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected.
network
low complexity
eclipse CWE-190
critical
9.8
2023-11-03 CVE-2023-5763 Improper Control of Dynamically-Managed Code Resources vulnerability in Eclipse Glassfish 5.1.0/6.0.0/6.2.5
Eclipse Glassfish 5 or 6, when running with old versions of the JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
network
low complexity
eclipse CWE-913
critical
9.8
2023-09-21 CVE-2023-4760 Path Traversal vulnerability in Eclipse Remote Application Platform
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The cause is that the file name is not extracted completely securely in the FileUploadProcessor.stripFileName(String name) method.
network
low complexity
eclipse CWE-22
critical
9.8
2023-08-31 CVE-2023-41034 Unspecified vulnerability in Eclipse Leshan
Eclipse Leshan is a device management server and client Java implementation.
network
low complexity
eclipse
critical
9.8
2023-05-22 CVE-2023-2597 Out-of-bounds Read vulnerability in Eclipse Openj9
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.
network
low complexity
eclipse CWE-125
critical
9.1
2022-07-18 CVE-2015-8031 XXE vulnerability in Eclipse Hudson
Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks.
network
low complexity
eclipse CWE-611
critical
9.8
2022-05-05 CVE-2021-38441 Unspecified vulnerability in Eclipse Cyclonedds
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.
network
low complexity
eclipse
critical
9.8
2022-05-05 CVE-2021-38443 Unspecified vulnerability in Eclipse Cyclonedds
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
network
low complexity
eclipse
critical
9.8