Vulnerabilities > Eclipse > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-01 CVE-2021-41039 Unspecified vulnerability in Eclipse Mosquitto
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
Attack vector: network | Complexity: low | Vendor: eclipse | Risk: 7.5

2021-09-29 CVE-2021-41034 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Eclipse CHE
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint.
Attack vector: network | Complexity: high | Vendor: eclipse | CWE: CWE-924 | Risk: 8.1

2021-09-13 CVE-2021-41033 Unspecified vulnerability in Eclipse Equinox 4.21
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to a man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.
Attack vector: network | Complexity: high | Vendor: eclipse | Risk: 8.1

2021-09-01 CVE-2021-34435 Origin Validation Error vulnerability in Eclipse Theia
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE.
Attack vector: network | Complexity: low | Vendor: eclipse | CWE: CWE-346 | Risk: 8.8

2021-08-23 CVE-2020-18734 Out-of-bounds Write vulnerability in Eclipse Cyclone Data Distribution Service 0.1.0
A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
Attack vector: network | Complexity: low | Vendor: eclipse | CWE: CWE-787 | Risk: 7.5

2021-08-23 CVE-2020-18735 Out-of-bounds Write vulnerability in Eclipse Cyclone Data Distribution Service 0.1.0
A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
Attack vector: network | Complexity: low | Vendor: eclipse | CWE: CWE-787 | Risk: 7.5

2021-08-20 CVE-2021-34433 Improper Verification of Cryptographic Signature vulnerability in Eclipse Californium
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate-based (x509 and RPK) DTLS handshakes accidentally succeed without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.
Attack vector: network | Complexity: low | Vendor: eclipse | CWE: CWE-347 | Risk: 7.5

2021-07-27 CVE-2021-34432 Unspecified vulnerability in Eclipse Mosquitto
In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.
Attack vector: network | Complexity: low | Vendor: eclipse | Risk: 7.5

2021-07-08 CVE-2021-34430 Inadequate Encryption Strength vulnerability in Eclipse Tinydtls 0.8.1/0.8.2/0.9
Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.
Attack vector: network | Complexity: low | Vendor: eclipse | CWE: CWE-326 | Risk: 7.5

2021-04-01 CVE-2021-28165 Improper Handling of Exceptional Conditions vulnerability in multiple products
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Attack vector: network | Complexity: low | Vendors: eclipse, oracle, jenkins, netapp | CWE: CWE-755 | Risk: 7.5