Vulnerabilities > Eclipse > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-11 | CVE-2024-8376 | Improper Handling of Exceptional Conditions vulnerability in Eclipse Mosquitto. In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. | 7.5 |
2024-09-11 | CVE-2024-8642 | Improper Authentication vulnerability in Eclipse Dataspace Components. In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. | 8.1 |
2024-09-04 | CVE-2024-8391 | Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Vert.X. In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based on the grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc). | 7.5 |
2024-07-17 | CVE-2023-7272 | Out-of-bounds Write vulnerability in Eclipse Parsson. In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. | 7.5 |
2024-05-27 | CVE-2024-3933 | Out-of-bounds Write vulnerability in Eclipse Openj9. In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. | 7.3 |
2024-04-09 | CVE-2024-3046 | Unspecified vulnerability in Eclipse Kura. In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. | 7.5 |
2024-03-26 | CVE-2024-2212 | Integer Overflow or Wraparound vulnerability in Eclipse Threadx. In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. | 7.8 |
2024-03-26 | CVE-2024-2214 | Improper Validation of Array Index vulnerability in Eclipse Threadx. In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. | 7.8 |
2024-02-26 | CVE-2024-22201 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. Jetty is a Java-based web server and servlet engine. | 7.5 |
2023-12-11 | CVE-2023-6194 | XXE vulnerability in Eclipse Memory Analyzer. In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition. | 7.1 |