Vulnerabilities > Eclipse > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-21 | CVE-2025-1471 | Unspecified vulnerability in Eclipse OMR In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. | 7.8 |
| 2024-10-11 | CVE-2024-8376 | Improper Handling of Exceptional Conditions vulnerability in Eclipse Mosquitto In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. | 7.5 |
| 2024-09-11 | CVE-2024-8642 | Improper Authentication vulnerability in Eclipse Dataspace Components In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. | 8.1 |
| 2024-09-04 | CVE-2024-8391 | Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Vert.X In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc) | 7.5 |
| 2024-07-17 | CVE-2023-7272 | Out-of-bounds Write vulnerability in Eclipse Parsson In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. | 7.5 |
| 2024-05-27 | CVE-2024-3933 | Out-of-bounds Write vulnerability in Eclipse Openj9 In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. | 7.3 |
| 2024-04-09 | CVE-2024-3046 | Unspecified vulnerability in Eclipse Kura In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. | 7.5 |
| 2024-03-26 | CVE-2024-2212 | Integer Overflow or Wraparound vulnerability in Eclipse Threadx In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. | 7.8 |
| 2024-03-26 | CVE-2024-2214 | Improper Validation of Array Index vulnerability in Eclipse Threadx In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. | 7.8 |
| 2024-02-26 | CVE-2024-22201 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Jetty is a Java based web server and servlet engine. | 7.5 |