Eclipse: Security Vulnerabilities
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.
CVSS Score: 6.6
EPSS Score: 0.002
Published: 2022-05-05
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
CVSS Score: 6.6
EPSS Score: 0.002
Published: 2022-05-05
In Eclipse OpenJ9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2022-04-27
A flaw was found in LemMinX in versions prior to 0.19.0. An insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2022-02-18
A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2022-02-18
In Eclipse Wakaama, from its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data.
CVSS Score: 7.5
EPSS Score: 0.012
Published: 2022-02-01
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2021-12-01
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2021-11-10
In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2021-11-03
In Eclipse OpenJ9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2021-10-25