Filtered by vendor Eclipse
Subscriptions
Total
186 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7655 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | 7.5 High |
| In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. | ||||
| CVE-2017-7654 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
| In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker. | ||||
| CVE-2017-7653 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
| The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients. | ||||
| CVE-2017-7652 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
| In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail. | ||||
| CVE-2017-7651 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
| In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol. | ||||
| CVE-2017-7650 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
| In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto. | ||||
| CVE-2017-7649 | 1 Eclipse | 1 Kura | 2024-11-21 | N/A |
| The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address. | ||||
| CVE-2017-7243 | 1 Eclipse | 1 Tinydtls | 2024-11-21 | N/A |
| Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake. | ||||
| CVE-2016-4800 | 2 Eclipse, Microsoft | 2 Jetty, Windows | 2024-11-21 | N/A |
| The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes. | ||||
| CVE-2015-8031 | 1 Eclipse | 1 Hudson | 2024-11-21 | 9.8 Critical |
| Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks. | ||||
| CVE-2015-2080 | 2 Eclipse, Fedoraproject | 2 Jetty, Fedora | 2024-11-21 | N/A |
| The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. | ||||
| CVE-2014-9390 | 6 Apple, Eclipse, Git-scm and 3 more | 8 Mac Os X, Xcode, Egit and 5 more | 2024-11-21 | 9.8 Critical |
| Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. | ||||
| CVE-2010-4647 | 2 Eclipse, Redhat | 2 Eclipse Ide, Enterprise Linux | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp. | ||||
| CVE-2009-5046 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-11-21 | 6.1 Medium |
| JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. | ||||
| CVE-2009-5045 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-11-21 | 7.5 High |
| Dump Servlet information leak in jetty before 6.1.22. | ||||
| CVE-2009-4521 | 1 Eclipse | 1 Birt | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter. | ||||
| CVE-2008-7271 | 1 Eclipse | 1 Eclipse Ide | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647. | ||||
| CVE-2024-8376 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2024-11-15 | 7.5 High |
| In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. | ||||
| CVE-2024-6762 | 1 Eclipse | 1 Jetty | 2024-11-08 | 3.1 Low |
| Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. | ||||
| CVE-2024-6763 | 1 Eclipse | 1 Jetty | 2024-11-08 | 3.7 Low |
| Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks. | ||||