MidnightBSD

Advisories for eclipse

CVE-2008-7271 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
eclipse eclipse_ide 3.3.2
eclipse eclipse_ide *
CVE-2010-4647 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
eclipse eclipse_ide 3.3
eclipse eclipse_ide 3.1.2
eclipse eclipse_ide 3.4.2
eclipse eclipse_ide 2.0
eclipse eclipse_ide 3.4
eclipse eclipse_ide 2.0.2
eclipse eclipse_ide 1.0
eclipse eclipse_ide 2.1.3
eclipse eclipse_ide 3.3.1
eclipse eclipse_ide 3.5
eclipse eclipse_ide 3.0
eclipse eclipse_ide *
eclipse eclipse_ide 2.0.1
eclipse eclipse_ide 3.4.1
eclipse eclipse_ide 3.0.2
eclipse eclipse_ide 3.0.1
eclipse eclipse_ide 3.5.1
eclipse eclipse_ide 2.1.1
eclipse eclipse_ide 3.5.2
eclipse eclipse_ide 2.1.2
eclipse eclipse_ide 3.1
eclipse eclipse_ide 3.2.2
eclipse eclipse_ide 3.3.2
eclipse eclipse_ide 2.1
eclipse eclipse_ide 3.2.1
eclipse eclipse_ide 3.6
eclipse eclipse_ide 3.2
eclipse eclipse_ide 3.1.1
eclipse eclipse_ide 3.3.1.1
CVE-2014-9390 HIGH

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libgit2 libgit2 *
apple xcode *
eclipse egit *
apple xcode 6.2
git-scm git *
eclipse jgit *
mercurial mercurial *
CVE-2015-2080 MEDIUM

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
eclipse jetty 9.2.7
eclipse jetty 9.2.4
eclipse jetty 9.2.6
eclipse jetty 9.2.8
fedoraproject fedora 22
eclipse jetty 9.3.0
eclipse jetty 9.2.5
eclipse jetty 9.2.3
CVE-2015-8031

Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
eclipse hudson *
CVE-2016-4800 HIGH

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
eclipse jetty 9.3.2
eclipse jetty 9.3.8
eclipse jetty 9.3.6
eclipse jetty 9.3.5
eclipse jetty 9.3.0
eclipse jetty 9.3.3
eclipse jetty 9.3.4
eclipse jetty 9.3.7
eclipse jetty 9.3.1
CVE-2017-7243 MEDIUM

Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without a preceding handshake.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
eclipse tinydtls 0.8.2
CVE-2017-7649 HIGH

The network-enabled distribution of Kura before 2.1.0 takes control of the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still, the Equinox console port 5002 is left open, allowing an attacker to log into Kura without any user credentials over unencrypted telnet and to execute commands using the Equinox "exec" command. As the process runs as "root", full control over the device can be acquired. IPv6 is also left in auto-configuration mode: router advertisements are accepted automatically and a MAC-address-based IPv6 address is assigned.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
eclipse kura *
CVE-2017-7650 MEDIUM

In Mosquitto before 1.4.12, pattern-based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do not have the rights to. The same issue may be present in third-party authentication/access control plugins for Mosquitto.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
eclipse mosquitto *
debian debian_linux 8.0
CVE-2017-7651 MEDIUM

In Eclipse Mosquitto 1.4.14, a user can shut down the Mosquitto server simply by exhausting RAM with a large number of connections carrying large payloads. This can be done without authentication if it occurs during the connection phase of the MQTT protocol.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-789,CWE-400,

Products Affected

Vendor Product Version
debian debian_linux 7.0
eclipse mosquitto *
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-7652 MEDIUM

In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is running with a configuration file, then sending a HUP signal to the server triggers the configuration to be reloaded from disk. If so many clients are connected that no more file descriptors/sockets are available (the default limit is typically 1024 file descriptors on Linux), then opening the configuration file will fail.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-789,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 7.0
eclipse mosquitto *
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-7653 LOW

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.
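
Both Mosquitto issues above, the pattern-ACL bypass (CVE-2017-7650) and the unvalidated UTF-8 in topic strings (CVE-2017-7653), come down to what the broker does with a client-supplied string before it is matched. The Python below is an added example written for this page, not Mosquitto's code: it implements MQTT 3.1.1 filter matching, expands a pattern ACL the way Mosquitto's %u/%c substitution does, and applies the MQTT UTF-8 rules to topic strings. The ACL pattern devices/%u/#, the usernames and the topics are constructed inputs, and placing the wildcard check at ACL evaluation time (rather than at CONNECT) is this example's choice.

```python
"""MQTT topic matching, pattern ACLs and MQTT string validation (added example)."""

MQTT_WILDCARDS = "#+"


def topic_matches(filter_: str, topic: str) -> bool:
    """Match a topic name against a filter per MQTT 3.1.1 section 4.7: '+' matches exactly
    one level, '#' matches the remainder, and wildcards never match a topic whose first
    level starts with '$'. Filter well-formedness is valid_topic_filter's job; the matcher
    treats '#' as match-the-rest wherever it appears, which is exactly why an expanded
    pattern that was never validated is dangerous."""
    f_levels = filter_.split("/")
    t_levels = topic.split("/")
    if topic.startswith("$") and f_levels[0] in MQTT_WILDCARDS:
        return False
    for i, f in enumerate(f_levels):
        if f == "#":
            return True
        if i >= len(t_levels):
            return False                       # filter has more levels than the topic
        if f != "+" and f != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def expand_pattern(pattern: str, username: str, client_id: str) -> str:
    """Substitute %u and %c as a Mosquitto 'pattern' ACL line does."""
    return pattern.replace("%u", username).replace("%c", client_id)


def acl_allows_vulnerable(pattern: str, username: str, client_id: str, topic: str) -> bool:
    """Identifiers are substituted unchecked: a username of '+' or '#' turns
    'devices/%u/#' into a filter that covers every device."""
    return topic_matches(expand_pattern(pattern, username, client_id), topic)


def acl_allows_hardened(pattern: str, username: str, client_id: str, topic: str) -> bool:
    """Deny outright when an identifier that will be substituted contains a wildcard
    character; no correctly scoped filter can be built for such a client."""
    for placeholder, value in (("%u", username), ("%c", client_id)):
        if placeholder in pattern and any(c in MQTT_WILDCARDS for c in value):
            return False
    return acl_allows_vulnerable(pattern, username, client_id, topic)


def valid_mqtt_string(raw: bytes) -> bool:
    """MQTT 3.1.1 section 1.5.3: well-formed UTF-8, no U+0000, no UTF-16 surrogate code
    points. Python's strict decoder already rejects surrogates and overlong encodings."""
    try:
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return False
    return "\x00" not in text


def valid_topic_name(raw: bytes) -> bool:
    """A PUBLISH topic name: valid string, non-empty, no wildcard characters at all."""
    if not raw or not valid_mqtt_string(raw):
        return False
    return not any(c in MQTT_WILDCARDS for c in raw.decode("utf-8"))


def valid_topic_filter(raw: bytes) -> bool:
    """A SUBSCRIBE filter: valid string, non-empty, '+' only as a whole level, '#' only last."""
    if not raw or not valid_mqtt_string(raw):
        return False
    levels = raw.decode("utf-8").split("/")
    for i, level in enumerate(levels):
        if "#" in level and (level != "#" or i != len(levels) - 1):
            return False
        if "+" in level and level != "+":
            return False
    return True


if __name__ == "__main__":
    pattern = "devices/%u/#"
    for user in ("alice", "+", "#"):
        print(user, acl_allows_vulnerable(pattern, user, "c1", "devices/bob/telemetry"),
              acl_allows_hardened(pattern, user, "c1", "devices/bob/telemetry"))
```

Rejecting a connecting client whose identifiers contain '+' or '#' at CONNECT time is the simpler deployment rule; the check above sits at ACL evaluation so that the vulnerable and hardened paths differ in one place only.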

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
eclipse mosquitto *
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-7654 MEDIUM

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,CWE-772,

Products Affected

Vendor Product Version
eclipse mosquitto *
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-7655 MEDIUM

In Eclipse Mosquitto versions 1.0 to 1.4.15, a null pointer dereference was found in the Mosquitto library which could lead to crashes in applications using the library.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
eclipse mosquitto *
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2017-7656 MEDIUM

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
eclipse jetty *
debian debian_linux 9.0
CVE-2017-7657 HIGH

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-444,CWE-190,CWE-444,

Products Affected

Vendor Product Version
netapp e-series_santricity_management -
netapp snap_creator_framework *
netapp oncommand_system_manager 3.x
oracle rest_data_services 18c
netapp element_software_management_node -
eclipse jetty *
netapp hci_storage_nodes -
netapp oncommand_unified_manager *
oracle retail_xstore_point_of_service 15.0
oracle rest_data_services 12.1.0.2
oracle rest_data_services 12.2.0.1
debian debian_linux 9.0
netapp snapmanager *
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 16.0
netapp e-series_santricity_os_controller *
oracle rest_data_services 11.2.0.4
netapp santricity_cloud_connector -
oracle retail_xstore_point_of_service 7.1
netapp snapcenter *
netapp element_software -
netapp e-series_santricity_web_services -
hp xp_p9000_command_view *
CVE-2017-7658 HIGH

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two Content-Length headers, Jetty ignored the second. When presented with a Content-Length and a chunked Transfer-Encoding header, the Content-Length was ignored (as per RFC 2616). If an intermediary decided on the shorter length but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
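
The two framing bugs above (chunk-size integer overflow, CVE-2017-7657, and duplicate Content-Length, CVE-2017-7658) are easiest to see with a parser that returns every request it finds on a connection. The Python below is an added example, not Jetty's parser: in vulnerable mode it wraps the chunk size to 32 bits and honours only the first Content-Length; in hardened mode it rejects oversized chunks, duplicate Content-Length headers and Content-Length combined with Transfer-Encoding. The per-chunk limit, the /public and /admin paths and the two attack streams are constructed for the example; the intermediary is assumed to authorize /admin but to frame the stream by the first length it sees.

```python
"""Request framing behind an authorizing proxy (added example, not Jetty's parser)."""
import re

CRLF = b"\r\n"
MAX_CHUNK_SIZE = 1 << 24   # hardened parser's per-chunk cap; an assumed deployment limit


class BadRequest(Exception):
    pass


def _read_head(buf: bytes, pos: int):
    end = buf.find(b"\r\n\r\n", pos)
    if end < 0:
        raise BadRequest("incomplete request head")
    lines = buf[pos:end].split(CRLF)
    headers = []
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0].decode("latin-1"), headers, end + 4


def _read_chunked(buf: bytes, pos: int, hardened: bool):
    body = b""
    while True:
        eol = buf.find(CRLF, pos)
        if eol < 0:
            raise BadRequest("truncated chunk header")
        size_field = buf[pos:eol].split(b";", 1)[0].strip()
        if not re.fullmatch(rb"[0-9a-fA-F]+", size_field):
            raise BadRequest("bad chunk size")
        size = int(size_field, 16)             # Python ints do not overflow
        if hardened:
            if size > MAX_CHUNK_SIZE:
                raise BadRequest("chunk size exceeds limit")
        else:
            size &= 0xFFFFFFFF                 # CVE-2017-7657: a 32-bit accumulator wraps
        pos = eol + 2
        if size == 0:
            if buf[pos:pos + 2] != CRLF:
                raise BadRequest("trailers not supported here")
            return body, pos + 2
        if buf[pos + size:pos + size + 2] != CRLF:
            raise BadRequest("chunk data not CRLF-terminated")
        body += buf[pos:pos + size]
        pos += size + 2


def parse_requests(buf: bytes, hardened: bool) -> list:
    """Split one connection's bytes into (request_line, body) pairs."""
    requests, pos = [], 0
    while pos < len(buf):
        request_line, headers, pos = _read_head(buf, pos)
        lengths = [v for n, v in headers if n == "content-length"]
        encodings = [v.lower() for n, v in headers if n == "transfer-encoding"]
        if hardened:
            if len(lengths) > 1:
                raise BadRequest("multiple Content-Length headers")
            if lengths and encodings:
                raise BadRequest("Content-Length together with Transfer-Encoding")
        if encodings and encodings[-1] == "chunked":   # Transfer-Encoding wins, per RFC 2616
            body, pos = _read_chunked(buf, pos, hardened)
        elif lengths:
            length = int(lengths[0])           # CVE-2017-7658: the second value is ignored
            body, pos = buf[pos:pos + length], pos + length
        else:
            body = b""
        requests.append((request_line, body))
    return requests


def parse_requests_vulnerable(buf: bytes) -> list:
    return parse_requests(buf, hardened=False)


def parse_requests_hardened(buf: bytes) -> list:
    return parse_requests(buf, hardened=True)


def hardened_rejects(buf: bytes) -> bool:
    try:
        parse_requests_hardened(buf)
    except BadRequest:
        return True
    return False


# Constructed attacker traffic: the proxy authorizes /admin but sees one request per stream.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: x\r\n\r\n"


def chunk_overflow_stream() -> bytes:
    # 0x100000005 wraps to 5 in 32 bits: the origin reads "hello", then sees a new request
    return (b"POST /public HTTP/1.1\r\nHost: x\r\nTransfer-Encoding: chunked\r\n\r\n"
            b"100000005\r\nhello\r\n0\r\n\r\n" + SMUGGLED)


def double_content_length_stream() -> bytes:
    body = b"hello\n" + SMUGGLED               # second Content-Length covers the whole body
    return (b"POST /public HTTP/1.1\r\nHost: x\r\nContent-Length: 6\r\nContent-Length: "
            + str(len(body)).encode() + b"\r\n\r\n" + body)


if __name__ == "__main__":
    for stream in (chunk_overflow_stream(), double_content_length_stream()):
        print([line for line, _ in parse_requests_vulnerable(stream)], hardened_rejects(stream))
```

The hardened rules are deliberately stricter than the RFC minimum: RFC 7230 permits duplicate Content-Length headers with identical values, but an origin that sits behind proxies it does not control gains nothing by accepting them.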

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-444,CWE-444,

Products Affected

Vendor Product Version
netapp e-series_santricity_management -
oracle rest_data_services 18c
oracle retail_xstore_payment 3.3
eclipse jetty *
oracle retail_xstore_point_of_service 15.0
oracle rest_data_services 12.2.0.1
netapp hci_storage_node -
debian debian_linux 9.0
oracle retail_xstore_point_of_service 17.0
netapp snapcenter -
netapp hci_management_node -
oracle retail_xstore_point_of_service 16.0
netapp e-series_santricity_os_controller *
oracle rest_data_services 11.2.0.4
netapp santricity_cloud_connector -
netapp solidfire -
netapp snapmanager -
oracle rest_data_services 12.1.0.2
netapp storage_services_connector -
netapp snap_creator_framework -
netapp oncommand_unified_manager_for_7-mode -
oracle retail_xstore_point_of_service 7.1
netapp oncommand_system_manager *
netapp e-series_santricity_web_services -
hp xp_p9000_command_view *
CVE-2017-8315 HIGH

The Eclipse XML parser for the Eclipse IDE, versions 2017.2.5 and earlier, is vulnerable to an XML External Entity (XXE) attack. An attacker can exploit the vulnerability by supplying a crafted AndroidManifest.xml.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
eclipse ide 2017.2.5
CVE-2017-9735 MEDIUM

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
oracle rest_data_services 18c
eclipse jetty *
oracle communications_cloud_native_core_policy 1.5.0
oracle retail_xstore_point_of_service 15.0
oracle rest_data_services 12.1.0.2
oracle rest_data_services 12.2.0.1
oracle enterprise_manager_base_platform 13.2
debian debian_linux 9.0
oracle retail_xstore_point_of_service 17.0
oracle enterprise_manager_base_platform 13.3
oracle retail_xstore_point_of_service 16.0
oracle rest_data_services 11.2.0.4
oracle retail_xstore_point_of_service 7.1
oracle hospitality_guest_access 4.2.1
oracle hospitality_guest_access 4.2.0
CVE-2017-9868 LOW

In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
eclipse mosquitto *
debian debian_linux 8.0
CVE-2018-1000644 HIGH

Eclipse RDF4J before 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in the RDF4J XML parser used to parse RDF files, which can result in the disclosure of confidential data, denial of service, server-side request forgery and port scanning. The attack is exploitable via a specially crafted RDF file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
eclipse rdf4j 2.4.0
eclipse rdf4j *
CVE-2018-12536 MEDIUM

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 7.1
eclipse jetty *
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0.0
CVE-2018-12537 MEDIUM

In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header into the client request or server response.
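
The header-injection case above, as an added example rather than Vert.x code: a serializer that writes header values verbatim, a client-side parser that shows the extra Set-Cookie header the client ends up seeing, and a hardened serializer that refuses control characters in values and non-token header names. The Location value is a constructed attacker input.

```python
"""Header serialization with and without CR/LF filtering (added example, not Vert.x code)."""
import re

CRLF = b"\r\n"
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # RFC 7230 token, for header names
# Every byte below 0x20 except HTAB, plus DEL. CR (0x0d) and LF (0x0a) sit inside the range.
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def serialize_response_vulnerable(status: str, headers: list, body: bytes = b"") -> bytes:
    """Writes header values verbatim: a value containing CR LF ends its header early and
    whatever follows becomes further headers (or, after a blank line, the body)."""
    head = status + "\r\n" + "".join("{}: {}\r\n".format(n, v) for n, v in headers)
    return head.encode("latin-1") + CRLF + body


def header_value_is_safe(value: str) -> bool:
    """Reject rather than strip: a stripped value may still be wrong, and rejecting makes
    the bug visible in the log instead of in the client's cookie jar."""
    return CONTROL.search(value) is None


def serialize_response_hardened(status: str, headers: list, body: bytes = b"") -> bytes:
    for name, value in headers:
        if not TOKEN.match(name):
            raise ValueError("invalid header name: {!r}".format(name))
        if not header_value_is_safe(value):
            raise ValueError("control character in value of header {}".format(name))
    return serialize_response_vulnerable(status, headers, body)


def parse_head(raw: bytes):
    """What a client sees: the status line and a list of (name, value) pairs."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parsed = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        parsed.append((name.strip().lower(), value.strip()))
    return lines[0], parsed


def hardened_rejects(headers: list) -> bool:
    try:
        serialize_response_hardened("HTTP/1.1 302 Found", headers)
    except ValueError:
        return True
    return False


# Constructed input: a redirect target copied from a query parameter, which the attacker
# terminated with CR LF so that a Set-Cookie line of their own follows it.
INJECTED_LOCATION = "/home\r\nSet-Cookie: session=attacker-chosen; Path=/"

if __name__ == "__main__":
    raw = serialize_response_vulnerable("HTTP/1.1 302 Found", [("Location", INJECTED_LOCATION)])
    print(parse_head(raw))
    print(hardened_rejects([("Location", INJECTED_LOCATION)]))
```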

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-93,CWE-20,

Products Affected

Vendor Product Version
eclipse vert.x *
CVE-2018-12538 MEDIUM

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-6,CWE-384,

Products Affected

Vendor Product Version
netapp e-series_santricity_web_services_proxy -
eclipse jetty *
netapp snapmanager -
netapp snapcenter -
netapp e-series_santricity_management_plug-ins -
netapp snap_creator_framework -
netapp e-series_santricity_os_controller *
netapp santricity_cloud_connector -
netapp oncommand_system_manager *
netapp oncommand_unified_manager -
netapp element_software -
netapp hyper_converged_infrastructure -
CVE-2018-12539 MEDIUM

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-419,CWE-502,

Products Affected

Vendor Product Version
oracle enterprise_manager_base_platform 13.2.0.0.0
eclipse openj9 0.8
oracle enterprise_manager_base_platform 13.3.0.0.0
CVE-2018-12540 MEDIUM

In versions 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens that have not yet expired.
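
A double-submit CSRF token check with and without the cookie comparison, as an added example that is not Vert.x's CSRFHandler. The token layout (random nonce, timestamp, HMAC-SHA256 over both) and the 600-second lifetime are this example's assumptions; what it demonstrates is that verifying a token's signature and expiry alone accepts any token the attacker obtained in a session of their own.

```python
"""Double-submit CSRF tokens: validity alone versus validity plus cookie match
(added example, not Vert.x's CSRFHandler)."""
import base64
import hashlib
import hmac
import os
import struct
import time

TOKEN_TTL = 600   # seconds; assumed for this example


def issue_token(key: bytes, now: float = None) -> str:
    """nonce || timestamp || HMAC-SHA256(key, nonce || timestamp), URL-safe base64."""
    issued = int(now if now is not None else time.time())
    payload = os.urandom(16) + struct.pack(">Q", issued)
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + mac).decode()


def token_is_valid(key: bytes, token: str, now: float = None) -> bool:
    """Signature correct and not expired. Says nothing about which session it was issued to."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except (ValueError, UnicodeEncodeError):
        return False
    if len(raw) != 16 + 8 + 32:
        return False
    payload, mac = raw[:24], raw[24:]
    if not hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).digest(), mac):
        return False
    issued = struct.unpack(">Q", payload[16:])[0]
    age = (now if now is not None else time.time()) - issued
    return 0 <= age <= TOKEN_TTL


def csrf_check_vulnerable(key: bytes, cookie_token: str, submitted_token: str, now=None) -> bool:
    """Only asks whether the submitted token is genuine. Any unexpired token the attacker
    ever obtained passes, whatever the victim's cookie holds: the replay in CVE-2018-12540."""
    return token_is_valid(key, submitted_token, now)


def csrf_check_hardened(key: bytes, cookie_token: str, submitted_token: str, now=None) -> bool:
    """The cookie must carry a genuine token and the form/header copy must equal it.
    The cookie is what binds the token to this browser; equality is checked in constant time."""
    if not token_is_valid(key, cookie_token, now):
        return False
    return hmac.compare_digest(cookie_token.encode(), submitted_token.encode())


if __name__ == "__main__":
    key = os.urandom(32)
    victim_cookie = issue_token(key)
    attacker_token = issue_token(key)     # obtained by the attacker in their own session
    print(csrf_check_vulnerable(key, victim_cookie, attacker_token))   # replay accepted
    print(csrf_check_hardened(key, victim_cookie, attacker_token))     # replay rejected
```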

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
eclipse vert.x *
CVE-2018-12541 MEDIUM

In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit (8192 bytes) above which the WebSocket upgrade gets an HTTP response with the 413 status code and the connection is closed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-789,CWE-119,

Products Affected

Vendor Product Version
eclipse vert.x *
CVE-2018-12542 HIGH

In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (backslash) sequences that can resolve to a location outside of that directory when running on Windows operating systems.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
eclipse vert.x *
CVE-2018-12543 MEDIUM

In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,CWE-20,

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2018-12544 HIGH

In versions 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defences against XML attacks. This code path is only exercised when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
eclipse vert.x 3.5.1
eclipse vert.x 3.5.3
eclipse vert.x 3.5.0
eclipse vert.x 3.5.2
CVE-2018-12545 MEDIUM

In Eclipse Jetty versions 9.3.x and 9.4.x, the server is vulnerable to denial of service if a remote client sends either large SETTINGS frames containing many settings, or many small SETTINGS frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
eclipse jetty 9.3.21
eclipse jetty 9.3.6
eclipse jetty 9.3.24
eclipse jetty 9.4.8
eclipse jetty 9.3.23
eclipse jetty 9.4.6
eclipse jetty 9.3.11
eclipse jetty 9.3.13
eclipse jetty 9.4.3
eclipse jetty 9.3.4
eclipse jetty 9.4.2
eclipse jetty 9.4.4
eclipse jetty 9.3.14
eclipse jetty 9.3.10
eclipse jetty 9.4.9
eclipse jetty 9.4.10
eclipse jetty 9.4.1
eclipse jetty 9.3.15
eclipse jetty 9.4.5
eclipse jetty 9.3.16
eclipse jetty 9.3.3
eclipse jetty 9.3.17
eclipse jetty 9.3.7
eclipse jetty 9.3.1
eclipse jetty 9.3.2
eclipse jetty 9.3.8
eclipse jetty 9.3.19
eclipse jetty 9.3.9
fedoraproject fedora 28
eclipse jetty 9.3.5
eclipse jetty 9.3.18
eclipse jetty 9.3.20
eclipse jetty 9.4.7
eclipse jetty 9.3.0
eclipse jetty 9.3.12
eclipse jetty 9.3.22
eclipse jetty 9.4.0
eclipse jetty 9.4.11
eclipse jetty 9.4.12
CVE-2018-12546 MEDIUM

In Eclipse Mosquitto versions 1.0 to 1.5.5 (inclusive), when a client publishes a retained message to a topic and then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able to cause effects that would otherwise not be allowed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-732,

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2018-12547 HIGH

In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter, so existing APIs that called them could write past the allocated buffer. These functions were not directly callable by non-native user code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
redhat satellite 5.8
redhat enterprise_linux_server 6.0
eclipse openj9 *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 6.0
CVE-2018-12548 HIGH

In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-822,CWE-119,

Products Affected

Vendor Product Version
eclipse openj9 0.11.0
CVE-2018-12549 HIGH

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-111,CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
eclipse openj9 0.11.0
redhat satellite 5.8
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 6.0
CVE-2018-12550 MEDIUM

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-440,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2018-12551 MEDIUM

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.
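
A password-file loader that shows the fail-open parse described above beside a fail-closed one. This is an added example, not Mosquitto's code: the credential format (PBKDF2-SHA512 with a random salt in a pbkdf2$iterations$salt$hash layout) is this example's own and not the mosquitto_passwd format, and the rule that an entry with no credential skips the password check is a model of the behaviour the advisory describes.

```python
"""Fail-closed password-file loading (added example, not Mosquitto's code)."""
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000


def make_entry(username: str, password: str) -> str:
    """One 'user:credential' line. The credential layout is this example's own."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return "{}:pbkdf2${}${}${}".format(username, ITERATIONS,
                                       base64.b64encode(salt).decode(),
                                       base64.b64encode(dk).decode())


def check_credential(stored: str, password: str) -> bool:
    try:
        scheme, iterations, salt_b64, dk_b64 = stored.split("$")
        if scheme != "pbkdf2":
            return False
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
        actual = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, int(iterations))
    except ValueError:
        return False
    return hmac.compare_digest(actual, expected)


def load_users_vulnerable(text: str) -> dict:
    """Every line becomes an entry. A line without ':' (a blank line included) yields a
    username with an empty credential, which is the shape the advisory describes."""
    users = {}
    for line in text.splitlines():
        name, _, credential = line.partition(":")
        users[name] = credential
    return users


def load_users_hardened(text: str) -> dict:
    """Skip blank lines; refuse to load at all if any other line is not 'user:credential'
    with both halves present. A broker that cannot trust its password file must not start
    in a weaker mode than the administrator configured."""
    users = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        name, sep, credential = line.partition(":")
        if not sep or not name or not credential or name in users:
            raise ValueError("password file line {}: malformed or duplicate entry".format(lineno))
        users[name] = credential
    return users


def authenticate(users: dict, username: str, password: str) -> bool:
    """Model of the broker's check: an entry with no credential skips password
    verification, which is what turns a malformed line into an authentication bypass."""
    stored = users.get(username)
    if stored is None:
        return False
    if stored == "":
        return True
    return check_credential(stored, password)


def hardened_load_rejects(text: str) -> bool:
    try:
        load_users_hardened(text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    pwfile = make_entry("alice", "correct horse") + "\n\n" + make_entry("bob", "hunter2") + "\n"
    print("blank line logs in, vulnerable loader:", authenticate(load_users_vulnerable(pwfile), "", "x"))
    print("blank line logs in, hardened loader:  ", authenticate(load_users_hardened(pwfile), "", "x"))
```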

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-703,CWE-287,

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2018-14371 MEDIUM

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
eclipse mojarra *
CVE-2018-20145 MEDIUM

Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2018-20227 MEDIUM

RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
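
The traversal entries on this page share one defect: a containment check that does not treat every separator and encoding the way the filesystem will. The Python below is an added example (not Jetty, Vert.x, Kura, Mojarra or RDF4J code) covering CVE-2016-4800 and CVE-2018-12542 (backslashes reaching a Windows filesystem, modelled with ntpath so it runs on any OS) and CVE-2018-20227 (../ in archive entry names). The webroot C:\app\webroot, the extraction directory and the request paths are constructed inputs.

```python
"""Confining untrusted relative paths under a base directory (added example; not Jetty,
Vert.x, Kura, Mojarra or RDF4J code)."""
import ntpath
import posixpath
import re
import urllib.parse

DRIVE = re.compile(r"^[A-Za-z]:")


def resolve_vulnerable(webroot: str, url_path: str):
    """The pattern behind CVE-2016-4800 / CVE-2018-12542: the '..' check runs on the still
    encoded URL with POSIX rules (only '/' separates), then the decoded path reaches a
    Windows filesystem, where '\\' separates too. ntpath stands in for that filesystem."""
    if ".." in posixpath.normpath(url_path).split("/"):
        return None
    relative = urllib.parse.unquote(url_path).lstrip("/")
    return ntpath.normpath(ntpath.join(webroot, relative))


def safe_join(base: str, untrusted: str, pathmod=posixpath):
    """Return the path for `untrusted` below `base`, or None if it would escape. Both
    separators are folded to '/', '..' and absolute forms are refused before any filesystem
    call, and the result is re-checked for containment as defence in depth."""
    if "\x00" in untrusted:
        return None
    folded = untrusted.replace("\\", "/")
    if folded.startswith("/") or DRIVE.match(folded):
        return None
    parts = [p for p in folded.split("/") if p not in ("", ".")]
    if ".." in parts:
        return None
    base_n = pathmod.normpath(base)
    target = pathmod.normpath(pathmod.join(base_n, *parts)) if parts else base_n
    if pathmod.commonpath([base_n, target]) != base_n:
        return None
    return target


def resolve_hardened(webroot: str, url_path: str):
    decoded = urllib.parse.unquote(url_path)     # decode exactly once, before any check
    return safe_join(webroot, decoded.lstrip("/"), ntpath)


def zip_entry_target(dest_dir: str, entry_name: str):
    """Where an archive entry may be written: the CVE-2018-20227 check. Entry names use '/'
    per the ZIP format, but archives built on Windows can carry '\\', so both are handled."""
    return safe_join(dest_dir, entry_name, posixpath)


if __name__ == "__main__":
    root = r"C:\app\webroot"
    print(resolve_vulnerable(root, "/static/..%5C..%5Cwindows%5Cwin.ini"))  # escapes the webroot
    print(resolve_hardened(root, "/static/..%5C..%5Cwindows%5Cwin.ini"))    # None
    print(zip_entry_target("/srv/extract", "../../etc/cron.d/job"))          # None
```

Decoding once and then never again is the reason a double-encoded %252e%252e stays harmless here: after one decode it is the literal file name %2e%2e, which is not a traversal, and the hardened resolver does not decode it further.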

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
eclipse rdf4j *
CVE-2019-10240 MEDIUM

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin-based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack, so build artifacts produced by hawkBit might be infected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-494,CWE-829,CWE-319,

Products Affected

Vendor Product Version
eclipse hawkbit *
eclipse hawkbit 0.3.0
CVE-2019-10241 MEDIUM

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a listing of directory contents.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
eclipse jetty 9.3.21
oracle rest_data_services 18c
eclipse jetty 9.4.8
eclipse jetty 9.2.25
oracle rest_data_services 12.2.0.1
eclipse jetty 9.3.13
eclipse jetty 9.3.4
eclipse jetty 9.2.14
oracle retail_xstore_point_of_service 17.0
eclipse jetty 9.2.16
eclipse jetty 9.2.2
eclipse jetty 9.2.4
apache activemq 5.15.9
eclipse jetty 9.4.4
oracle flexcube_core_banking *
eclipse jetty 9.2.0
eclipse jetty 9.4.9
eclipse jetty 9.2.10
eclipse jetty 9.4.1
eclipse jetty 9.4.5
eclipse jetty 9.2.26
eclipse jetty 9.2.15
oracle rest_data_services 12.1.0.2
apache drill 1.16.0
eclipse jetty 9.3.3
eclipse jetty 9.4.14
eclipse jetty 9.2.17
eclipse jetty 9.3.9
eclipse jetty 9.4.13
eclipse jetty 9.2.6
oracle flexcube_core_banking 5.2.0
oracle retail_xstore_point_of_service 7.1
eclipse jetty 9.3.20
eclipse jetty 9.4.7
eclipse jetty 9.3.0
eclipse jetty 9.3.22
eclipse jetty 9.4.0
eclipse jetty 9.3.25
eclipse jetty 9.4.11
eclipse jetty 9.4.12
eclipse jetty 9.3.6
eclipse jetty 9.3.24
eclipse jetty 9.3.23
eclipse jetty 9.4.6
eclipse jetty 9.3.11
oracle retail_xstore_point_of_service 15.0
eclipse jetty 9.4.3
eclipse jetty 9.2.13
eclipse jetty 9.2.3
debian debian_linux 9.0
oracle retail_xstore_point_of_service 16.0
oracle rest_data_services 11.2.0.4
eclipse jetty 9.4.2
eclipse jetty 9.2.8
eclipse jetty 9.2.18
eclipse jetty 9.2.22
eclipse jetty 9.4.15
eclipse jetty 9.3.14
eclipse jetty 9.2.5
eclipse jetty 9.3.10
eclipse jetty 9.2.19
eclipse jetty 9.4.10
eclipse jetty 9.2.7
eclipse jetty 9.3.15
debian debian_linux 10.0
eclipse jetty 9.2.1
eclipse jetty 9.3.16
eclipse jetty 9.3.17
eclipse jetty 9.3.7
eclipse jetty 9.3.1
eclipse jetty 9.2.9
eclipse jetty 9.3.2
eclipse jetty 9.3.8
eclipse jetty 9.3.19
eclipse jetty 9.2.20
eclipse jetty 9.2.11
eclipse jetty 9.2.21
eclipse jetty 9.3.5
eclipse jetty 9.3.18
eclipse jetty 9.2.24
eclipse jetty 9.3.12
eclipse jetty 9.2.23
eclipse jetty 9.2.12
CVE-2019-10242 MEDIUM

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during the servlet call, potentially allowing path traversal in GET requests for a limited number of file types.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
eclipse kura *
CVE-2019-10243 MEDIUM

In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying UI web server version in its replies. This can be used as a hint by an attacker to craft attacks specifically for the web server run by Kura.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-497,CWE-200,

Products Affected

Vendor Product Version
eclipse kura *
CVE-2019-10244 MEDIUM

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.
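
Five entries on this page (Hudson CVE-2015-8031, the Eclipse IDE parser CVE-2017-8315, RDF4J CVE-2018-1000644, Vert.x CVE-2018-12544 and Kura CVE-2019-10244) are the same defect: an XML parser built with settings that resolve external entities. The Python below is an added example and none of those projects' code. Python's SAX reader only fetches external general entities when feature_external_ges is enabled, which parse_vulnerable does on purpose to show the effect; parse_hardened leaves it off and refuses any DOCTYPE, the SAX counterpart of the Java disallow-doctype-decl feature. The secret file is created by the example itself in a temporary directory.

```python
"""External entity resolution in Python's SAX parser, enabled versus disabled
(added example; none of this is Hudson, RDF4J, Vert.x or Kura code)."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, property_lexical_handler


class _TextCollector(ContentHandler):
    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


class _RefuseDoctype:
    """Lexical handler that aborts the moment a DTD appears. Refusing the DOCTYPE shuts out
    entity declarations of every kind, so internal-entity expansion attacks go with it."""
    def startDTD(self, name, public_id, system_id):
        raise ValueError("DOCTYPE is not accepted: {}".format(name))

    def endDTD(self):
        pass

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


def _parse(document: bytes, resolve_external: bool, allow_doctype: bool) -> str:
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external)
    if not allow_doctype:
        parser.setProperty(property_lexical_handler, _RefuseDoctype())
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(document))
    return "".join(collector.chunks)


def parse_vulnerable(document: bytes) -> str:
    """External general entities are fetched and inlined: a SYSTEM entity naming a local file
    (or an http:// URL, which is the SSRF and port-scanning variant) lands in the parsed text."""
    return _parse(document, resolve_external=True, allow_doctype=True)


def parse_hardened(document: bytes) -> str:
    return _parse(document, resolve_external=False, allow_doctype=False)


def xxe_document(path: str) -> bytes:
    """Constructed attacker input: a document whose only text is an external entity."""
    return ('<?xml version="1.0"?>\n'
            '<!DOCTYPE data [<!ENTITY xxe SYSTEM "{}">]>\n'
            '<data>&xxe;</data>'.format(path)).encode()


def hardened_rejects(document: bytes) -> bool:
    try:
        parse_hardened(document)
    except ValueError:
        return True
    return False


def demo() -> tuple:
    """Creates the secret file itself, then returns (what the vulnerable parser leaked,
    whether the hardened parser refused the same document)."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w") as f:
            f.write("s3cret")
        document = xxe_document(secret_path)
        return parse_vulnerable(document), hardened_rejects(document)


if __name__ == "__main__":
    print(demo())
```

In Java the equivalent hardening is to set disallow-doctype-decl on the factory, or failing that to switch off external-general-entities, external-parameter-entities and load-external-dtd; an RDF or manifest loader that needs DTDs for legitimate input should validate against a known schema rather than accept arbitrary declarations.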

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
eclipse kura *
CVE-2019-10245 MEDIUM

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux_workstation 6.0
redhat satellite 5.8
redhat enterprise_linux_server 6.0
eclipse openj9 *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 6.0
CVE-2019-10246 MEDIUM

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-213,CWE-200,

Products Affected

Vendor Product Version
oracle unified_directory 12.2.1.4.0
oracle rest_data_services 18c
oracle data_integrator 12.2.1.3.0
netapp storage_replication_adapter_for_clustered_data_ontap *
oracle rest_data_services 12.2.0.1
oracle data_integrator 12.2.1.4.0
oracle retail_xstore_point_of_service 17.0
oracle communications_element_manager 8.2.0
oracle communications_element_manager 8.0.0
oracle enterprise_manager_base_platform 13.3
oracle unified_directory 12.2.1.3.0
oracle flexcube_core_banking *
oracle communications_session_report_manager 8.0.0
oracle flexcube_private_banking 12.0.0
eclipse jetty 9.2.27
oracle communications_services_gatekeeper 7.0
oracle rest_data_services 12.1.0.2
oracle communications_session_report_manager 8.1.1
netapp storage_services_connector -
oracle communications_element_manager 8.1.1
netapp snap_creator_framework -
oracle flexcube_core_banking 5.2.0
oracle retail_xstore_point_of_service 7.1
oracle hospitality_guest_access 4.2.0
netapp oncommand_system_manager *
oracle endeca_information_discovery_integrator 3.2.0
netapp element -
oracle communications_services_gatekeeper 6.1
oracle communications_session_report_manager 8.1.0
netapp vasa_provider_for_clustered_data_ontap -
oracle communications_analytics 12.1.1
oracle flexcube_private_banking 12.1.0
netapp vasa_provider_for_clustered_data_ontap *
oracle retail_xstore_point_of_service 15.0
oracle enterprise_manager_base_platform 13.2
oracle autovue 21.0.2
netapp snapcenter -
oracle retail_xstore_point_of_service 16.0
oracle rest_data_services 11.2.0.4
oracle communications_session_route_manager 8.0.0
netapp virtual_storage_console 9.6
oracle communications_session_report_manager 8.2.0
oracle communications_session_route_manager 8.2.0
netapp snapmanager -
eclipse jetty 9.3.26
oracle communications_session_route_manager 8.1.0
eclipse jetty 9.4.16
netapp virtual_storage_console *
oracle communications_element_manager 8.1.0
oracle communications_services_gatekeeper 6.0
oracle communications_session_route_manager 8.1.1
oracle hospitality_guest_access 4.2.1
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
CVE-2019-10247 MEDIUM

In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server, on any OS and Jetty version combination, reveals the configured fully qualified directory base resource location in the output of the 404 error returned when no Context matches the requested path. The default server behavior on jetty-distribution and jetty-home includes, at the end of the Handler tree, a DefaultHandler that is responsible for reporting this 404 error; it presents the various configured contexts as HTML for users to click through to. The produced HTML contains the configured fully qualified directory base resource location for each context.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-213, CWE-200

Products Affected

Vendor Product Version
oracle unified_directory 12.2.1.4.0
eclipse jetty 9.4.8
eclipse jetty 8.1.8
eclipse jetty 9.3.4
eclipse jetty 8.1.7
eclipse jetty 9.2.16
eclipse jetty 8.1.6
oracle unified_directory 12.2.1.3.0
eclipse jetty 7.4.4
eclipse jetty 7.5.3
eclipse jetty 7.6.14
eclipse jetty 9.2.0
eclipse jetty 9.2.26
eclipse jetty 7.6.5
eclipse jetty 9.3.3
eclipse jetty 9.2.17
oracle communications_element_manager 8.1.1
eclipse jetty 9.4.13
eclipse jetty 9.2.6
oracle retail_xstore_point_of_service 7.1
eclipse jetty 7.6.1
eclipse jetty 8.1.20
eclipse jetty 7.6.2
oracle communications_services_gatekeeper 6.1
eclipse jetty 9.4.0
eclipse jetty 9.4.11
eclipse jetty 9.0.1
eclipse jetty 9.4.6
oracle retail_xstore_point_of_service 15.0
eclipse jetty 7.6.19
eclipse jetty 9.2.13
eclipse jetty 7.6.21
eclipse jetty 8.1.11
oracle communications_session_route_manager 8.0.0
eclipse jetty 9.2.18
eclipse jetty 8.0.2
eclipse jetty 9.4.15
eclipse jetty 9.1.2
eclipse jetty 9.1.5
eclipse jetty 9.3.14
eclipse jetty 7.6.16
eclipse jetty 9.4.10
eclipse jetty 7.4.3
eclipse jetty 7.5.2
eclipse jetty 7.4.1
eclipse jetty 8.1.0
eclipse jetty 7.2.1
eclipse jetty 8.1.22
eclipse jetty 9.1.1
eclipse jetty 9.3.16
oracle communications_element_manager 8.1.0
eclipse jetty 9.2.9
oracle communications_services_gatekeeper 6.0
oracle communications_session_route_manager 8.1.1
eclipse jetty 9.3.18
eclipse jetty 9.2.24
eclipse jetty 9.3.21
eclipse jetty 9.0.0
eclipse jetty 7.6.6
oracle fmw_platform 12.2.1.3.0
oracle communications_element_manager 8.2.0
eclipse jetty 8.1.19
eclipse jetty 9.2.2
eclipse jetty 9.4.4
eclipse jetty 7.3.0
oracle flexcube_private_banking 12.0.0
eclipse jetty 9.4.9
eclipse jetty 8.1.3
eclipse jetty 9.4.1
eclipse jetty 7.6.3
eclipse jetty 8.0.1
eclipse jetty 7.1.4
eclipse jetty 9.0.3
oracle flexcube_core_banking 5.2.0
netapp oncommand_system_manager *
eclipse jetty 9.4.7
eclipse jetty 7.6.20
oracle endeca_information_discovery_integrator 3.2.0
netapp element -
eclipse jetty 7.1.2
eclipse jetty 7.0.2
oracle communications_analytics 12.1.1
eclipse jetty 9.3.24
oracle flexcube_private_banking 12.1.0
eclipse jetty 9.3.23
eclipse jetty 8.1.9
eclipse jetty 9.4.3
debian debian_linux 9.0
eclipse jetty 9.4.2
eclipse jetty 8.0.0
oracle communications_session_route_manager 8.2.0
eclipse jetty 9.0.5
eclipse jetty 7.4.2
eclipse jetty 9.1.3
eclipse jetty 9.2.1
eclipse jetty 8.1.12
netapp virtual_storage_console *
eclipse jetty 9.3.2
eclipse jetty 9.3.19
eclipse jetty 9.2.21
oracle hospitality_guest_access 4.2.1
eclipse jetty 9.3.5
oracle data_integrator 12.2.1.3.0
eclipse jetty 9.2.25
oracle data_integrator 12.2.1.4.0
eclipse jetty 9.2.14
oracle retail_xstore_point_of_service 17.0
oracle communications_element_manager 8.0.0
eclipse jetty 9.2.4
oracle flexcube_core_banking *
eclipse jetty 8.1.14
eclipse jetty 7.2.2
eclipse jetty 9.2.10
eclipse jetty 9.2.27
eclipse jetty 9.1.0
eclipse jetty 9.4.5
oracle communications_session_report_manager 8.1.1
eclipse jetty 9.4.14
eclipse jetty 7.1.5
netapp storage_services_connector -
eclipse jetty 7.6.18
eclipse jetty 8.1.4
eclipse jetty 9.3.25
eclipse jetty 7.6.17
oracle communications_session_report_manager 8.1.0
eclipse jetty 7.6.0
netapp vasa_provider_for_clustered_data_ontap *
eclipse jetty 9.3.11
eclipse jetty 8.1.18
oracle enterprise_manager_base_platform 13.2
oracle autovue 21.0.2
oracle fmw_platform 12.2.1.4.0
netapp snapcenter -
eclipse jetty 9.2.8
oracle communications_session_report_manager 8.2.0
eclipse jetty 9.2.22
eclipse jetty 9.2.5
eclipse jetty 9.2.19
eclipse jetty 8.1.16
eclipse jetty 7.1.6
eclipse jetty 9.2.7
eclipse jetty 9.3.15
debian debian_linux 10.0
netapp snapmanager -
eclipse jetty 9.3.26
eclipse jetty 7.6.8
eclipse jetty 7.6.9
eclipse jetty 7.6.12
eclipse jetty 8.1.5
eclipse jetty 8.1.15
eclipse jetty 9.3.8
eclipse jetty 7.0.0
eclipse jetty 9.0.4
eclipse jetty 9.2.23
eclipse jetty 7.5.1
eclipse jetty 7.4.5
netapp storage_replication_adapter_for_clustered_data_ontap *
eclipse jetty 9.3.13
oracle enterprise_manager_base_platform 13.3
eclipse jetty 7.6.11
eclipse jetty 7.6.15
eclipse jetty 9.1.4
eclipse jetty 7.5.4
oracle communications_session_report_manager 8.0.0
eclipse jetty 7.6.10
eclipse jetty 9.0.7
oracle communications_services_gatekeeper 7.0
eclipse jetty 9.2.15
eclipse jetty 7.4.0
eclipse jetty 9.3.9
netapp snap_creator_framework -
eclipse jetty 8.1.2
oracle hospitality_guest_access 4.2.0
eclipse jetty 9.3.20
eclipse jetty 7.6.7
eclipse jetty 9.3.0
eclipse jetty 8.1.10
eclipse jetty 9.3.22
eclipse jetty 9.4.12
eclipse jetty 8.1.17
eclipse jetty 8.2.0
eclipse jetty 9.3.6
eclipse jetty 7.1.3
eclipse jetty 7.1.1
eclipse jetty 8.0.4
eclipse jetty 9.2.3
oracle retail_xstore_point_of_service 16.0
eclipse jetty 7.1.0
eclipse jetty 9.1.6
eclipse jetty 7.2.0
eclipse jetty 7.0.1
eclipse jetty 9.3.10
eclipse jetty 9.0.2
eclipse jetty 7.6.4
eclipse jetty 8.1.21
eclipse jetty 7.3.1
eclipse jetty 8.0.3
oracle communications_session_route_manager 8.1.0
eclipse jetty 9.3.17
eclipse jetty 9.3.7
eclipse jetty 7.6.13
eclipse jetty 9.3.1
eclipse jetty 9.2.20
eclipse jetty 7.5.0
eclipse jetty 9.2.11
eclipse jetty 8.1.1
eclipse jetty 8.1.13
eclipse jetty 9.3.12
eclipse jetty 9.0.6
eclipse jetty 9.2.12
CVE-2019-10248 MEDIUM

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence the build artifacts produced by Vorto might be infected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-494, CWE-829, CWE-669

Products Affected

Vendor Product Version
eclipse vorto *
CVE-2019-10249 MEDIUM

All Xtext and Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer, and thus the built artifacts may have been compromised.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-494, CWE-829, CWE-116

Products Affected

Vendor Product Version
eclipse xtext *
eclipse xtend *
CVE-2019-11770 MEDIUM

In Eclipse Buildship versions prior to 3.1.1, the build files indicate that the project resolves dependencies over HTTP instead of HTTPS. Any of these artifacts could have been tampered with by a MITM attacker to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, developers using them could remain infected even after updating to a fixed version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-829, CWE-669

Products Affected

Vendor Product Version
eclipse buildship *
CVE-2019-11771 MEDIUM

AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
eclipse openj9 *
CVE-2019-11772 HIGH

In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Java code run under a SecurityManager.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
eclipse openj9 *
CVE-2019-11773 MEDIUM

Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264, CWE-427

Products Affected

Vendor Product Version
eclipse omr *
CVE-2019-11774 MEDIUM

Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning. For example, if a condition that reads a field is moved out of the loop, the value of that field may not be privatized in the modified copy of the loop; the test then sees one value of the field while the loop subsequently sees a modified field value without the moved-out condition being retested. This can lead to a variety of different issues, but a read out of array bounds is one major consequence.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367

Products Affected

Vendor Product Version
eclipse omr *
CVE-2019-11775 MEDIUM

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning. For example, if a condition that reads a field is moved out of the loop, the value of that field may not be privatized in the modified copy of the loop; the test then sees one value of the field while the loop subsequently sees a modified field value without the moved-out condition being retested. This can lead to a variety of different issues, but a read out of array bounds is one major consequence.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
redhat satellite 5.8
redhat enterprise_linux_server 6.0
eclipse openj9 *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 6.0
CVE-2019-11776 MEDIUM

In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows reflected XSS via a URL parameter. An attacker can execute the payload in the victim's browser context.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
eclipse business_intelligence_and_reporting_tools *
CVE-2019-11777 MEDIUM

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346, CWE-755

Products Affected

Vendor Product Version
eclipse paho_java_client 1.2.0
CVE-2019-11778 MEDIUM

If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2019-11779 MEDIUM

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754, CWE-674

Products Affected

Vendor Product Version
fedoraproject fedora 31
fedoraproject fedora 30
fedoraproject fedora 29
debian debian_linux 10.0
canonical ubuntu_linux 19.04
opensuse backports_sle 15.0
eclipse mosquitto *
opensuse leap 15.1
debian debian_linux 8.0
CVE-2019-17091 MEDIUM

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
oracle communications_unified_inventory_management 7.4.0
oracle retail_assortment_planning 16.0.3
oracle time_and_labor *
oracle banking_enterprise_product_manufacturing 2.7.0
oracle health_sciences_information_manager 3.0
oracle retail_financial_integration 15.0
oracle communications_network_integrity 7.3.6
oracle retail_store_inventory_management 15.0.3
oracle rapid_planning 12.1
oracle retail_service_backbone 16.0
oracle retail_store_inventory_management 14.0.4
oracle retail_store_inventory_management 14.1.3
oracle retail_invoice_matching 16.0
oracle secure_global_desktop 5.4
oracle primavera_p6_enterprise_project_portfolio_management 19.12.0.0
oracle retail_advanced_inventory_planning 15.0
oracle retail_store_inventory_management 16.0.3
oracle primavera_p6_enterprise_project_portfolio_management *
oracle retail_integration_bus 15.0
oracle retail_advanced_inventory_planning 16.0
oracle communications_network_integrity 7.3.5
oracle communications_unified_inventory_management 7.3.0
oracle application_testing_suite 13.3.0.1
oracle secure_global_desktop 5.5
oracle banking_enterprise_product_manufacturing 2.8.0
oracle communications_diameter_signaling_router *
oracle retail_service_backbone 15.0
oracle retail_merchandising_system 16.0
oracle retail_integration_bus 16.0
oracle healthcare_data_repository 7.0
oracle enterprise_data_quality 12.2.1.3.0
oracle retail_financial_integration 16.0
oracle application_testing_suite 13.2.0.1
eclipse mojarra *
oracle rapid_planning 12.2
oracle retail_bulk_data_integration 16.0.3.0
oracle mojarra_javaserver_faces *
CVE-2019-17631 MEDIUM

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file is permitted without any privilege checks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285, CWE-269

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 8.1
redhat satellite 5.8
redhat enterprise_linux_server 6.0
eclipse openj9 *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 6.0
CVE-2019-17632 MEDIUM

In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
eclipse jetty 9.4.22
eclipse jetty 9.4.23
eclipse jetty 9.4.21
CVE-2019-17633 MEDIUM

For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations (e.g. on personal laptops). In that case, even if the Che API is not exposed externally, JavaScript running in the local browser is able to send requests to it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
eclipse che *
CVE-2019-17634 HIGH

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must choose to download and open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present when a report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system when the report is opened in Memory Analyzer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79

Products Affected

Vendor Product Version
eclipse memory_analyzer *
CVE-2019-17635 MEDIUM

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must choose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Some local configuration data is also subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502

Products Affected

Vendor Product Version
eclipse memory_analyzer *
CVE-2019-17636 MEDIUM

In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes an HTTP endpoint that allows reading the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to remote exploitation through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345

Products Affected

Vendor Product Version
eclipse theia *
CVE-2019-17637 MEDIUM

In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611

Products Affected

Vendor Product Version
eclipse web_tools_platform *
debian debian_linux 9.0
CVE-2019-17638 HIGH

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool, and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with other data. Thread1 then proceeds to write the buffer that now contains different data. This results in client1, which issued request1, seeing data from another request or response, which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). If the Jetty version cannot be upgraded, the vulnerability can be significantly reduced by configuring a responseHeaderSize significantly larger than the requestHeaderSize (12KB responseHeaderSize and 8KB requestHeaderSize).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5

CVSS 2.0

Severity: HIGH

Problem Type: CWE-672, CWE-675

Products Affected

Vendor Product Version
eclipse jetty 9.4.29
eclipse jetty 9.4.28
eclipse jetty 9.4.27
CVE-2019-17639 MEDIUM

In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-843

Products Affected

Vendor Product Version
eclipse openj9 0.21.0
eclipse openj9 *
CVE-2019-17640 HIGH

In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler does not correctly process backslashes on Windows operating systems, allowing an escape from the webroot folder to the current working directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-23, CWE-22

Products Affected

Vendor Product Version
eclipse vert.x *
eclipse vert.x 4.0.0
CVE-2019-18212 MEDIUM

XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
xml_language_server_project xml_server_project *
eclipse wild_web_developer -
theia_xml_extension_project theia_xml_extension -
CVE-2019-18213 MEDIUM

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611

Products Affected

Vendor Product Version
xml_language_server_project xml_server_project *
eclipse wild_web_developer -
theia_xml_extension_project theia_xml_extension -
CVE-2019-9004 MEDIUM

In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. This can lead to termination of the LWM2M server after exhausting all available memory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401

Products Affected

Vendor Product Version
eclipse wakaama 1.0
CVE-2020-10689 MEDIUM

A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
secalert@redhat.com 6.4 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862, NVD-CWE-Other

Products Affected

Vendor Product Version
eclipse che *
CVE-2020-14368 MEDIUM

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site WebSocket hijack on Theia IDE. This flaw allows an attacker to gain full access to the victim's workspace through the /services endpoint. To perform a successful attack, the attacker conducts a Man-in-the-middle attack (MITM) and tricks the victim into executing a request via an untrusted link, which performs the CSRF and the Socket hijack. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
eclipse che *
CVE-2020-18734 MEDIUM

A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787

Products Affected

Vendor Product Version
eclipse cyclone_data_distribution_service 0.1.0
CVE-2020-18735 MEDIUM

A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787

Products Affected

Vendor Product Version
eclipse cyclone_data_distribution_service 0.1.0
CVE-2020-27216 MEDIUM

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2, on Unix-like systems, the system's temporary directory is shared between all users on that system. A co-located user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race, they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-378, CWE-379, NVD-CWE-Other

Products Affected

Vendor Product Version
apache beam 2.22.0
oracle flexcube_private_banking 12.1.0
eclipse jetty *
apache beam 2.23.0
oracle communications_application_session_controller 3.9m0p2
debian debian_linux 9.0
netapp snapcenter -
oracle siebel_core_-_automation *
netapp storage_replication_adapter *
oracle communications_element_manager *
oracle flexcube_core_banking *
oracle communications_pricing_design_center 12.0.0.3.0
apache beam 2.25.0
oracle flexcube_private_banking 12.0.0
eclipse jetty 10.0.0
debian debian_linux 10.0
oracle communications_offline_mediation_controller 12.0.0.3.0
apache beam 2.24.0
oracle communications_services_gatekeeper 7.0
netapp virtual_storage_console *
netapp snap_creator_framework -
eclipse jetty 11.0.0
oracle jd_edwards_enterpriseone_tools *
netapp vasa_provider *
oracle communications_converged_application_server_-_service_controller 6.2
apache beam 2.21.0
CVE-2020-27217 MEDIUM

In Eclipse Hono versions 1.3.0 and 1.4.0, the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer from sending such messages, a hand-crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1284, NVD-CWE-noinfo

Products Affected

Vendor Product Version
eclipse hono 1.3.0
eclipse hono 1.4.0
CVE-2020-27218 MEDIUM

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 2.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-226, NVD-CWE-noinfo

Products Affected

Vendor Product Version
oracle flexcube_private_banking 12.0.0
apache spark 3.0.3
oracle blockchain_platform *
eclipse jetty 10.0.0
apache kafka 2.7.0
apache spark 2.4.8
oracle flexcube_private_banking 12.1.0
eclipse jetty *
debian debian_linux 10.0
oracle communications_offline_mediation_controller 12.0.0.3.0
oracle communications_services_gatekeeper 7.0
oracle communications_session_route_manager *
oracle siebel_core_-_automation *
netapp snap_creator_framework -
oracle rest_data_services *
eclipse jetty 11.0.0
netapp oncommand_system_manager *
oracle retail_eftlink 20.0.0
oracle communications_pricing_design_center 12.0.0.3.0
oracle communications_converged_application_server_-_service_controller 6.2
oracle hyperion_infrastructure_technology 11.1.2.6.0
CVE-2020-27219 MEDIUM

In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non-existent resource will return the full path from the given URL unescaped to the client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
eclipse hawkbit *
eclipse hawkbit 0.3.0
CVE-2020-27220 HIGH

The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862

Products Affected

Vendor Product Version
eclipse hono 1.5.0
eclipse hono *
CVE-2020-27221 HIGH

In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121, CWE-787

Products Affected

Vendor Product Version
eclipse openj9 *
CVE-2020-27222 MEDIUM

In Eclipse Californium versions 2.3.0 to 2.6.0, certificate-based (x509 and RPK) DTLS handshakes accidentally fail, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate-based DTLS handshake failure with a TLS parameter mismatch. The DTLS server side must be restarted to recover from this. This allows clients to force a DoS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-372, NVD-CWE-Other

Products Affected

Vendor Product Version
eclipse californium *
CVE-2020-27223 MEDIUM

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
emo@eclipse.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-407, CWE-400

Products Affected

Vendor Product Version
eclipse jetty 10.0.0
eclipse jetty *
debian debian_linux 10.0
eclipse jetty 9.4.6
apache nifi 1.13.0
netapp snapmanager -
eclipse jetty 9.4.36
apache spark 3.1.1
netapp snapcenter -
netapp management_services_for_element_software -
netapp hci_management_node -
netapp snap_creator_framework -
netapp e-series_santricity_os_controller *
oracle rest_data_services *
eclipse jetty 11.0.0
netapp hci -
netapp solidfire -
apache solr 8.8.1
netapp e-series_santricity_web_services -
netapp element_plug-in_for_vcenter_server -
CVE-2020-27224 HIGH

In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79

Products Affected

Vendor Product Version
eclipse theia *
CVE-2020-27225 MEDIUM

In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306

Products Affected

Vendor Product Version
eclipse platform *
CVE-2020-35217 MEDIUM

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
eclipse vert.x-web 4.0.0
CVE-2020-6950 MEDIUM

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
oracle solaris_cluster 4.0
oracle banking_platform 2.7.1
oracle time_and_labor *
oracle banking_platform 2.12.0
oracle retail_merchandising_system 19.0.1
oracle communications_network_integrity 7.3.6
oracle banking_platform 2.9.0
oracle banking_enterprise_default_management 2.10.0
oracle banking_platform 2.6.2
oracle banking_enterprise_default_management 2.12.0
oracle communications_pricing_design_center 12.0.0.3.0
oracle hyperion_calculation_manager *
eclipse mojarra *
CVE-2021-28161 MEDIUM

In Eclipse Theia versions up to and including 1.8.0, there is no HTML escaping in the debug console, so arbitrary JavaScript code can be injected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
eclipse theia *
CVE-2021-28162 MEDIUM

In Eclipse Theia versions up to and including 0.16.0, there is no HTML escaping in the notification messages, so JavaScript code can run.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-830, CWE-829

Products Affected

Vendor Product Version
eclipse theia *
CVE-2021-28163 MEDIUM

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200, CWE-59

Products Affected

Vendor Product Version
oracle communications_element_manager 8.2.2
fedoraproject fedora 34
eclipse jetty *
apache ignite *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
oracle autovue_for_agile_product_lifecycle_management 21.0.2
netapp snapcenter -
oracle communications_session_route_manager *
oracle siebel_core_-_automation *
netapp e-series_santricity_os_controller *
netapp santricity_cloud_connector -
netapp e-series_performance_analyzer -
eclipse jetty 11.0.1
eclipse jetty 10.0.1
fedoraproject fedora 32
apache solr 8.8.1
oracle communications_session_report_manager *
netapp element_plug-in_for_vcenter_server -
eclipse jetty 10.0.0
oracle communications_services_gatekeeper 7.0
oracle banking_digital_experience 21.1
fedoraproject fedora 33
oracle banking_apis 21.1
netapp virtual_storage_console *
eclipse jetty 11.0.0
oracle banking_apis 20.1
netapp cloud_manager -
netapp snapcenter_plug-in -
oracle banking_digital_experience 20.1
netapp e-series_santricity_web_services -
CVE-2021-28164 MEDIUM

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example, a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200, CWE-551, NVD-CWE-Other

Products Affected

Vendor Product Version
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
oracle banking_digital_experience 21.1
oracle banking_apis 21.1
oracle autovue_for_agile_product_lifecycle_management 21.0.2
netapp virtual_storage_console *
netapp snapcenter -
oracle communications_session_route_manager *
oracle siebel_core_-_automation *
netapp e-series_santricity_os_controller *
netapp santricity_cloud_connector -
netapp e-series_performance_analyzer -
oracle banking_apis 20.1
eclipse jetty 9.4.38
netapp cloud_manager -
netapp snapcenter_plug-in -
eclipse jetty 9.4.37
oracle banking_digital_experience 20.1
netapp e-series_santricity_web_services -
netapp element_plug-in_for_vcenter_server -
CVE-2021-28165 HIGH

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400, CWE-551, CWE-755

Products Affected

Vendor Product Version
oracle communications_element_manager 8.2.2
eclipse jetty *
oracle communications_cloud_native_core_policy 1.14.0
netapp santricity_web_services_proxy *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
oracle communications_services_gatekeeper 7.0
netapp cloud_manager *
oracle autovue_for_agile_product_lifecycle_management 21.0.2
netapp e-series_performance_analyzer *
netapp ontap_tools *
oracle communications_session_route_manager *
oracle siebel_core_-_automation *
netapp e-series_santricity_os_controller *
oracle rest_data_services *
netapp santricity_cloud_connector -
netapp e-series_santricity_storage *
netapp snapcenter *
netapp e-series_santricity_web_services *
jenkins jenkins *
oracle communications_session_report_manager *
CVE-2021-28166 MEDIUM

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
emo@eclipse.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2021-28167 MEDIUM

In Eclipse OpenJ9 up to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-909

Products Affected

Vendor Product Version
eclipse openj9 *
CVE-2021-28168 LOW

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contain a local information disclosure vulnerability. This is due to the use of File.createTempFile, which creates a file inside the system temporary directory with the permissions -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written are security sensitive, they can be disclosed to other local users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
emo@eclipse.org 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-378, CWE-379, CWE-668

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_policy 1.15.0
eclipse jersey *
oracle communications_cloud_native_core_unified_data_repository 1.15.0
CVE-2021-28169 MEDIUM

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example, a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
emo@eclipse.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200, NVD-CWE-Other

Products Affected

Vendor Product Version
netapp management_services_for_element_software -
netapp active_iq_unified_manager -
netapp snap_creator_framework -
oracle rest_data_services *
netapp hci -
eclipse jetty *
debian debian_linux 10.0
oracle communications_cloud_native_core_policy 1.14.0
debian debian_linux 9.0
CVE-2021-28170 MEDIUM

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20, CWE-917

Products Affected

Vendor Product Version
quarkus quarkus *
oracle weblogic_server 14.1.1.0.0
oracle communications_cloud_native_core_policy 1.14.0
eclipse jakarta_expression_language *
CVE-2021-32834 MEDIUM

Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0
security-advisories@github.com 8.2 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 1.8 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94, CWE-917

Products Affected

Vendor Product Version
eclipse keti -
CVE-2021-32835 MEDIUM

Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a sandbox escape vulnerability may lead to post-authentication remote code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-693

Products Affected

Vendor Product Version
eclipse keti -
CVE-2021-34427 HIGH

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20, CWE-434

Products Affected

Vendor Product Version
eclipse business_intelligence_and_reporting_tools *
CVE-2021-34428 LOW

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.5 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 0.9 2.5
emo@eclipse.org 2.9 LOW CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N 0.4 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-613

Products Affected

Vendor Product Version
oracle communications_element_manager 8.2.2
eclipse jetty *
debian debian_linux 10.0
netapp snapmanager -
oracle communications_services_gatekeeper 7.0
oracle autovue_for_agile_product_lifecycle_management 21.0.2
netapp active_iq_unified_manager -
oracle communications_session_route_manager *
oracle siebel_core_-_automation *
netapp snap_creator_framework -
netapp e-series_santricity_os_controller *
oracle rest_data_services *
netapp santricity_cloud_connector -
oracle communications_session_report_manager *
netapp e-series_santricity_web_services -
netapp element_plug-in_for_vcenter_server -
CVE-2021-34429 MEDIUM

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
emo@eclipse.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200, CWE-551, NVD-CWE-Other

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_security_edge_protection_proxy 1.5.0
eclipse jetty *
oracle communications_diameter_signaling_router *
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle communications_cloud_native_core_binding_support_function 1.10.0
netapp hci_management_node -
netapp snap_creator_framework -
netapp e-series_santricity_os_controller *
oracle rest_data_services *
oracle stream_analytics *
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
oracle communications_cloud_native_core_unified_data_repository 1.14.0
oracle retail_eftlink 20.0.1
netapp solidfire -
oracle stream_analytics 19c
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
netapp snapcenter_plug-in -
netapp e-series_santricity_web_services -
oracle communications_cloud_native_core_service_communication_proxy 1.14.0
netapp element_plug-in_for_vcenter_server -
CVE-2021-34430 MEDIUM

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-338, CWE-326

Products Affected

Vendor Product Version
eclipse tinydtls *
eclipse tinydtls 0.9
CVE-2021-34431 MEDIUM

In Eclipse Mosquitto versions 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker, a memory leak would occur, which could be used to mount a DoS attack against the broker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2021-34432 MEDIUM

In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20, NVD-CWE-noinfo

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2021-34433 MEDIUM

In Eclipse Californium versions 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, certificate-based (x509 and RPK) DTLS handshakes accidentally succeed on the client side without verifying the server side's signature, if that signature is not included in the server's ServerKeyExchange.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-322, CWE-347

Products Affected

Vendor Product Version
eclipse californium *
eclipse californium 3.0.0
CVE-2021-34434 MEDIUM

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285, CWE-863

Products Affected

Vendor Product Version
fedoraproject fedora 34
fedoraproject fedora 35
eclipse mosquitto *
CVE-2021-34435 MEDIUM

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But because of the way it is made, it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-942, CWE-346

Products Affected

Vendor Product Version
eclipse theia *
CVE-2021-34436 HIGH

In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22, CWE-611

Products Affected

Vendor Product Version
eclipse theia *
CVE-2021-38441 HIGH

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
ics-cert@hq.dhs.gov 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-123

Products Affected

Vendor Product Version
eclipse cyclonedds *
CVE-2021-38443 HIGH

Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
ics-cert@hq.dhs.gov 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-228

Products Affected

Vendor Product Version
eclipse cyclonedds *
CVE-2021-41033 MEDIUM

In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to a man-in-the-middle attack if using p2 repos that are served over HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-300, NVD-CWE-noinfo

Products Affected

Vendor Product Version
eclipse equinox *
eclipse equinox 4.21
CVE-2021-41034 MEDIUM

The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence, the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-924

Products Affected

Vendor Product Version
eclipse che *
CVE-2021-41035 HIGH

In Eclipse OpenJ9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-250, CWE-440, NVD-CWE-Other

Products Affected

Vendor Product Version
eclipse openj9 *
CVE-2021-41036 HIGH

In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
eclipse paho_mqtt_c/c++_client *
CVE-2021-41037 MEDIUM

In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command line used to start the application, injecting things like agent or other settings that usually require particular attention in terms of security. Although p2 has built-in strategies to ensure artifacts are signed and then to help establish trust, there is no such strategy for the metadata part that configures such touchpoints. As a result, it is possible to install a unit that will run malicious code during installation without the user receiving any warning that this installation step is risky when it comes from an untrusted source.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-829

Products Affected

Vendor Product Version
eclipse equinox_p2 *
CVE-2021-41038 MEDIUM

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-940, NVD-CWE-Other

Products Affected

Vendor Product Version
eclipse theia *
CVE-2021-41039 MEDIUM

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1050, NVD-CWE-Other

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2021-41040 MEDIUM

In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
eclipse wakaama 1.0
CVE-2021-41041 MEDIUM

In Eclipse OpenJ9 before version 0.32.0, Java 8 and 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-252, CWE-843, CWE-908

Products Affected

Vendor Product Version
eclipse openj9 *
oracle java_se 8
oracle java_se 11
CVE-2021-41042 MEDIUM

In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611

Products Affected

Vendor Product Version
eclipse lyo *
CVE-2022-0672 LOW

A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200

Products Affected

Vendor Product Version
eclipse lemminx *
CVE-2022-0673 MEDIUM

A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
eclipse lemminx *
CVE-2022-2047 MEDIUM

In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects invalid input as a hostname. This can lead to failures in a proxy scenario.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 1.2 1.4
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 1.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
netapp snapcenter -
debian debian_linux 11.0
eclipse jetty *
debian debian_linux 10.0
netapp solidfire_&_hci_storage_node -
netapp hci_compute_node -
netapp management_services_for_element_software_and_netapp_hci -
netapp element_plug-in_for_vcenter_server -
CVE-2022-2048 MEDIUM

In the Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a denial of service scenario where there are not enough resources left to process good requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-410, CWE-664, NVD-CWE-Other

Products Affected

Vendor Product Version
netapp snapcenter -
debian debian_linux 11.0
eclipse jetty *
debian debian_linux 10.0
netapp solidfire_&_hci_storage_node -
netapp hci_compute_node -
netapp management_services_for_element_software_and_netapp_hci -
jenkins jenkins *
netapp element_plug-in_for_vcenter_server -
CVE-2022-2191 MEDIUM

In Eclipse Jetty versions 10.0.0 through 10.0.9 and 11.0.0 through 11.0.9, SslConnection does not release ByteBuffers to the configured ByteBufferPool on error code paths.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
emo@eclipse.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404, CWE-664

Products Affected

Vendor Product Version
eclipse jetty *
CVE-2022-2576

In Eclipse Californium versions 2.0.0 to 2.7.2 and 3.0.0 to 3.5.0, a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially if used with certificate-based cipher suites, this results in message amplification (DDoS of other peers) and high CPU load (DoS of the own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
eclipse californium *
CVE-2022-25897

The package org.eclipse.milo:sdk-server before 0.6.8 is vulnerable to Denial of Service (DoS): the limits on excessive memory consumption can be bypassed by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
report@snyk.io 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
eclipse milo *
CVE-2022-2712

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because request paths starting with './' are not filtered. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.

Products Affected

Vendor Product Version
eclipse glassfish *
CVE-2022-2838

In Eclipse Sphinx™ before version 0.13.1, the Apache Xerces XML parser was used without disabling the processing of referenced external entities, allowing the injection of arbitrary entity definitions that can access local files and expose their contents via HTTP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
eclipse sphinx *
CVE-2022-29223 HIGH

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts` set to a value greater than `UX_MAX_TT`, which defaults to 8. For a `bNbPorts` value of 255, the implementation of the `ux_host_class_hub_descriptor_get` function will modify the contents of the `hub -> ux_host_class_hub_device -> ux_device_hub_tt` array, violating the end boundary by 255 - `UX_MAX_TT` items. The USB host stack needs to validate the number of ports reported by the hub, and if the value is larger than `UX_MAX_TT`, the USB stack needs to reject the request. This fix has been included in USBX release 6.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security-advisories@github.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120

Products Affected

Vendor Product Version
eclipse threadx_usbx *
microsoft azure_rtos_usbx *
CVE-2022-29246 HIGH

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, the USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in an overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of the `ux_device_class_dfu_control_request` function does not ensure that a buffer overflow cannot occur during handling of the DFU UPLOAD command. When an attacker issues the `UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD` control transfer request with `wLength` larger than the buffer size (`UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH`, 256 bytes), depending on the actual implementation of `dfu -> ux_slave_class_dfu_read`, a buffer overflow may occur. For example, `ux_slave_class_dfu_read` may read 4096 bytes (or more, up to 65k) into a 256-byte buffer, ultimately resulting in an overflow. Furthermore, in case an attacker has some control over the flash memory being read, this may result in execution of arbitrary code and platform compromise. A fix for this issue has been included in USBX release 6.1.11. As a workaround, align request and buffer size to ensure that buffer boundaries are respected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
eclipse threadx_usbx *
microsoft azure_rtos_usbx *
CVE-2022-36022

Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. The packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests and examples. This is likely to affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots, as Deeplearning4J plans to publish a release with the fix at a later date. As a workaround, download a word2vec Google News vector from a new source using git lfs from here.

Products Affected

Vendor Product Version
eclipse deeplearning4j *
eclipse deeplearning4j 1.0.0
CVE-2022-36063

Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX-supported processors. The Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in the `_ux_host_class_cdc_ecm_mac_address_get` function, which may potentially be exploited to achieve remote code execution or denial of service. Setting the MAC address string descriptor length to `0` or `1` allows an attacker to introduce an integer underflow (of string_length) followed by a buffer overflow of the `cdc_ecm -> ux_host_class_cdc_ecm_node_id` array. This may allow one to redirect the code execution flow or introduce a denial of service. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). Improved MAC address string descriptor length validation to check for unexpectedly small values may be used as a workaround.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 2.8 4.7
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
eclipse threadx_usbx *
microsoft azure_rtos_usbx *
CVE-2022-3676

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
eclipse openj9 *
CVE-2022-39293

Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack that is fully integrated with Azure RTOS ThreadX. In [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), the data length from the device response is returned in the very first packet and read by the [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L165) as header_length. Then in the [L178 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L178), there is an "if" branch which checks the expression "(header_length - UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE) > data_length"; if header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, the calculation can underflow, and then in the [L182 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L182) the calculation of data_length also overflows. This way the later [while loop starting at L192](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L192) can move data_pointer to an unexpected address and cause a write buffer overflow. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). The following can be used as a workaround: add checks of `header_length`: 1. It must be greater than `UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE`. 2. It should be greater than or equal to the current returned data length (`transfer_request -> ux_transfer_request_actual_length`).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
eclipse threadx_usbx *
microsoft azure_rtos_usbx *
CVE-2022-39368

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0 and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't clean up the counters used for throttling, causing the threshold to be reached without ever being released again. This results in records being permanently dropped. The issue was reported for certificate-based handshakes, but may also affect PSK-based handshakes. It generally affects client and server alike. This issue is patched in versions 3.7.0 and 2.7.4. There are no known workarounds. main: commit 726bac57659410da463dcf404b3e79a7312ac0b9 2.7.x: commit 5648a0c27c2c2667c98419254557a14bac2b1f3f

Products Affected

Vendor Product Version
eclipse californium *
CVE-2023-0100

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed retrieving a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header value, the report would be retrieved. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. in the default configuration of Apache Tomcat) or when the default host points to the BIRT server. This vulnerability was patched in Eclipse BIRT 4.13.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
eclipse business_intelligence_and_reporting_tools *
CVE-2023-0809

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
emo@eclipse.org 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2023-24815

Vert.x-Web is a set of building blocks for building web applications in the Java programming language. When running Vert.x web applications that serve files using `StaticHandler` on Windows operating systems and Windows file systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any classpath resource. When computing the relative path to locate the resource, in the case of wildcards, the code `return "/" + rest;` from `Utils.java` returns the user input (without validation) as the segment to look up. Even though checks are performed to avoid escaping the sandbox, since the input was not sanitized, backslashes (`\`) are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in Windows environments, and upgrading is the advised remediation path. There are no known workarounds for this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
eclipse vert.x-web *
CVE-2023-2597

In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
eclipse openj9 *
CVE-2023-26048

Jetty is a Java based web server and servlet engine. In affected versions, servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause an `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default setting of `fileSizeThreshold=0`, which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw an `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service, although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize`, which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
eclipse jetty *
CVE-2023-26049

Jetty is a Java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise cause unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote, even if a semicolon is encountered. So a cookie header such as `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enforcing some policy based on cookies, since a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0, and users are advised to upgrade. There are no known workarounds for this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 2.4 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N 0.9 1.4

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp e-series_santricity_os_controller *
debian debian_linux 11.0
netapp e-series_santricity_unified_manager -
eclipse jetty *
eclipse jetty 12.0.0
debian debian_linux 10.0
debian debian_linux 12.0
netapp e-series_santricity_web_services -
CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2023-32081

Vert.x STOMP is a Vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client sent an initial CONNECT frame that was answered with a successful CONNECTED frame. The client can subscribe to a destination or publish messages without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched in Vert.x 3.9.16 and 4.4.2. There are no trivial workarounds.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
eclipse vert.x_stomp *
CVE-2023-3592

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
emo@eclipse.org 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2023-36478

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines whether a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will then be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows user-supplied HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-supplied size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
debian debian_linux 11.0
eclipse jetty *
debian debian_linux 10.0
jenkins jenkins *
debian debian_linux 12.0
CVE-2023-36479

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in versions 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 3.5 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N 1.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
debian debian_linux 11.0
eclipse jetty *
eclipse jetty 12.0.0
debian debian_linux 10.0
debian debian_linux 12.0
CVE-2023-40167

Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC, and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if Jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround, as there is no known exploit scenario.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
debian debian_linux 11.0
eclipse jetty *
eclipse jetty 12.0.0
debian debian_linux 10.0
debian debian_linux 12.0
CVE-2023-4043

In Eclipse Parsson before versions 1.1.4 and 1.0.5, parsing JSON from untrusted sources can allow malicious actors to exploit the fact that Java's built-in support for parsing numbers with a large scale has a number of edge cases where the input text of a number can lead to much longer processing time than one would expect. To mitigate the risk, Parsson puts in place a size limit for the numbers as well as their scale.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
emo@eclipse.org 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
eclipse parsson *
CVE-2023-41034

Eclipse Leshan is a device management server and client Java implementation. In affected versions `DDFFileParser` and `DefaultDDFFileValidator` (and so `ObjectLoader`) are vulnerable to XXE attacks. A DDF file is an LWM2M format used to store LWM2M object descriptions. Leshan users are impacted only if they parse untrusted DDF files (e.g. if they let external users provide their own model); in that case they MUST upgrade to a fixed version. If you parse only trusted DDF files and validate only with trusted XML schemas, upgrading is not mandatory. This issue has been fixed in versions 1.5.0 and 2.0.0-M13. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N 2.2 4.2

Products Affected

Vendor Product Version
eclipse leshan *
eclipse leshan 2.0.0
CVE-2023-41900

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of jetty-openid which have configured a nested `LoginService` and where that `LoginService` is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
security-advisories@github.com 3.5 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
debian debian_linux 11.0
eclipse jetty *
debian debian_linux 12.0
CVE-2023-4218

In Eclipse IDE versions < 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any malicious project or update an open project with a vulnerable file (for example, to review a foreign repository or patch).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 1.3 3.6
emo@eclipse.org 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 1.3 3.6

Products Affected

Vendor Product Version
eclipse org.eclipse.core.runtime *
eclipse pde *
eclipse eclipse_ide *
CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_ssl_orchestrator *
f5 big-ip_carrier-grade_nat 17.1.0
redhat node_maintenance_operator -
dena h2o *
f5 big-ip_domain_name_system *
microsoft asp.net_core *
redhat cert-manager_operator_for_red_hat_openshift -
linecorp armeria *
apache traffic_server *
microsoft windows_11_22h2 *
cisco crosswork_zero_touch_provisioning *
jenkins jenkins *
cisco crosswork_data_gateway *
fedoraproject fedora 38
f5 big-ip_ssl_orchestrator 17.1.0
golang go *
cisco ultra_cloud_core_-_policy_control_function 2024.01.0
cisco ultra_cloud_core_-_session_management_function *
redhat enterprise_linux 6.0
cisco iot_field_network_director *
f5 big-ip_carrier-grade_nat *
f5 big-ip_application_visibility_and_reporting *
cisco nx-os *
redhat jboss_core_services -
cisco ios_xe *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_domain_name_system 17.1.0
redhat openshift_service_mesh 2.0
cisco unified_contact_center_enterprise_-_live_data_server *
redhat jboss_data_grid 7.0.0
cisco firepower_threat_defense *
redhat build_of_optaplanner 8.0
f5 big-ip_websafe *
redhat integration_camel_for_spring_boot -
redhat enterprise_linux 9.0
konghq kong_gateway *
microsoft windows_10_1607 *
microsoft windows_10_21h2 *
debian debian_linux 12.0
f5 big-ip_next_service_proxy_for_kubernetes *
cisco data_center_network_manager -
f5 big-ip_access_policy_manager *
redhat fence_agents_remediation_operator -
envoyproxy envoy 1.24.10
cisco ios_xr *
f5 big-ip_advanced_web_application_firewall 17.1.0
f5 nginx *
varnish_cache_project varnish_cache *
cisco unified_attendant_console_advanced -
apache tomcat *
golang networking *
redhat cryostat 2.0
redhat network_observability_operator -
cisco prime_network_registrar *
eclipse jetty *
redhat migration_toolkit_for_containers -
cisco crosswork_data_gateway 5.0
redhat openshift_pipelines -
redhat satellite 6.0
f5 big-ip_application_acceleration_manager 17.1.0
redhat openstack_platform 16.2
redhat jboss_fuse 7.0.0
cisco ultra_cloud_core_-_serving_gateway_function *
netapp astra_control_center -
redhat openshift_api_for_data_protection -
f5 big-ip_policy_enforcement_manager *
redhat jboss_enterprise_application_platform 6.0.0
f5 big-ip_webaccelerator 17.1.0
golang http2 *
microsoft windows_10_1809 *
cisco unified_contact_center_management_portal -
redhat jboss_fuse 6.0.0
microsoft windows_server_2019 -
microsoft cbl-mariner *
redhat openshift_gitops -
redhat openshift_data_science -
envoyproxy envoy 1.25.9
cisco unified_contact_center_domain_manager -
redhat integration_camel_k -
f5 big-ip_local_traffic_manager *
redhat enterprise_linux 8.0
redhat jboss_a-mq_streams -
cisco unified_contact_center_enterprise -
redhat self_node_remediation_operator -
microsoft windows_server_2016 -
redhat machine_deletion_remediation_operator -
f5 big-ip_application_acceleration_manager *
redhat migration_toolkit_for_virtualization -
f5 big-ip_global_traffic_manager 17.1.0
redhat certification_for_red_hat_enterprise_linux 8.0
redhat logging_subsystem_for_red_hat_openshift -
redhat ceph_storage 5.0
redhat web_terminal -
f5 big-ip_application_visibility_and_reporting 17.1.0
redhat run_once_duration_override_operator -
redhat openshift_distributed_tracing -
redhat openshift -
redhat advanced_cluster_management_for_kubernetes 2.0
f5 big-ip_analytics 17.1.0
redhat openshift_dev_spaces -
f5 big-ip_global_traffic_manager *
redhat openstack_platform 17.1
f5 big-ip_application_security_manager *
f5 nginx_ingress_controller *
f5 big-ip_next 20.0.1
nghttp2 nghttp2 *
envoyproxy envoy 1.26.4
linkerd linkerd 2.14.1
redhat decision_manager 7.0
traefik traefik *
f5 nginx_plus r29
openresty openresty *
microsoft .net *
istio istio *
f5 big-ip_ddos_hybrid_defender 17.1.0
redhat support_for_spring_boot -
f5 big-ip_access_policy_manager 17.1.0
cisco ultra_cloud_core_-_policy_control_function *
apache apisix *
f5 big-ip_link_controller 17.1.0
apple swiftnio_http/2 *
redhat build_of_quarkus -
cisco telepresence_video_communication_server *
cisco prime_access_registrar *
traefik traefik 3.0.0
debian debian_linux 11.0
f5 nginx_plus *
microsoft windows_10_22h2 *
caddyserver caddy *
redhat node_healthcheck_operator -
redhat jboss_a-mq 7
redhat openshift_serverless -
ietf http 2.0
apache tomcat 11.0.0
netapp oncommand_insight -
redhat openshift_virtualization 4
cisco fog_director *
redhat 3scale_api_management_platform 2.0
f5 big-ip_link_controller *
redhat jboss_enterprise_application_platform 7.0.0
fedoraproject fedora 37
f5 big-ip_fraud_protection_service 17.1.0
redhat advanced_cluster_security 3.0
linkerd linkerd 2.13.0
debian debian_linux 10.0
redhat openshift_secondary_scheduler_operator -
envoyproxy envoy 1.27.0
amazon opensearch_data_prepper *
f5 big-ip_websafe 17.1.0
cisco prime_cable_provisioning *
f5 big-ip_local_traffic_manager 17.1.0
projectcontour contour *
redhat integration_service_registry -
redhat openshift_developer_tools_and_services -
f5 big-ip_application_security_manager 17.1.0
cisco prime_infrastructure *
redhat service_interconnect 1.0
cisco crosswork_situation_manager -
cisco secure_dynamic_attributes_connector *
nodejs node.js *
grpc grpc *
linkerd linkerd 2.13.1
redhat ansible_automation_platform 2.0
cisco secure_malware_analytics *
redhat openshift_sandboxed_containers -
redhat cost_management -
redhat openshift_container_platform 4.0
redhat process_automation 7.0
microsoft windows_server_2022 -
cisco connected_mobile_experiences *
cisco secure_web_appliance_firmware *
f5 big-ip_advanced_firewall_manager 17.1.0
netty netty *
f5 big-ip_ddos_hybrid_defender *
cisco enterprise_chat_and_email -
redhat service_telemetry_framework 1.5
cisco expressway *
f5 big-ip_policy_enforcement_manager 17.1.0
akka http_server *
linkerd linkerd *
cisco business_process_automation *
kazu-yamamoto http2 *
apache solr *
f5 nginx_plus r30
f5 big-ip_analytics *
f5 big-ip_fraud_protection_service *
microsoft azure_kubernetes_service *
f5 big-ip_webaccelerator *
redhat single_sign-on 7.0
redhat openshift_container_platform_assisted_installer -
microsoft visual_studio_2022 *
grpc grpc 1.57.0
redhat certification_for_red_hat_enterprise_linux 9.0
redhat quay 3.0.0
redhat openstack_platform 16.1
microsoft windows_11_21h2 *
facebook proxygen *
linkerd linkerd 2.14.0
redhat advanced_cluster_security 4.0
redhat migration_toolkit_for_applications 6.0
f5 big-ip_advanced_firewall_manager *
CVE-2023-4759

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0

In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting the git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit versions 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central (https://repo1.maven.org/maven2/org/eclipse/jgit/) and repo.eclipse.org (https://repo.eclipse.org/content/repositories/jgit-releases/). A backport is available in 5.13.3 starting from 5.13.3.202401111512-r. The JGit maintainers would like to thank RyotaK for finding and reporting this issue.
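
The pattern above (a symlink whose name collides, case-insensitively, with a directory prefix of another tree entry) can be spotted before anything is written to disk. The following is an added example, not JGit code: it parses a `git ls-tree -r` style listing (the sample listing and its blob ids are constructed) and reports entries whose checkout would pass through a symlink, comparing paths either byte-exactly or case-folded as a default Windows or macOS filesystem would.

```python
# Added example, not JGit code: scan a `git ls-tree -r` listing for the
# symlink/case-folding pattern behind CVE-2023-4759 before checking it out
# on a case-insensitive filesystem. The listing is constructed; the blob ids
# are placeholders.
from dataclasses import dataclass
from typing import Callable, Iterator

SYMLINK_MODE = "120000"          # git tree mode for a symbolic link

# Constructed sample: a symlink named `lib` and a regular file under `LIB/`.
# Compared byte-for-byte these are different paths; on a case-insensitive
# filesystem `LIB/` resolves to the `lib` symlink and the file is written
# through it, wherever the link points.
SAMPLE_LS_TREE = (
    "120000 blob 0000000000000000000000000000000000000000\tlib\n"
    "100644 blob 0000000000000000000000000000000000000000\tLIB/pre-commit\n"
    "100644 blob 0000000000000000000000000000000000000000\tlib2/helper.sh\n"
    "100644 blob 0000000000000000000000000000000000000000\tREADME.md\n"
)


@dataclass(frozen=True)
class TreeEntry:
    mode: str
    path: str


def parse_ls_tree(text: str) -> list[TreeEntry]:
    """Parse `git ls-tree -r <rev>` lines of the form '<mode> <type> <id>\\t<path>'."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        meta, path = line.split("\t", 1)
        mode, _kind, _oid = meta.split()
        entries.append(TreeEntry(mode, path))
    return entries


def _ancestors(path: str) -> Iterator[str]:
    """Yield every proper directory prefix of a '/'-separated path."""
    parts = path.split("/")
    for i in range(1, len(parts)):
        yield "/".join(parts[:i])


def find_symlink_crossings(entries: list[TreeEntry],
                           case_insensitive: bool = True) -> list[tuple[str, str]]:
    """Return (entry_path, symlink_path) pairs where writing entry_path would
    pass through symlink_path. With case_insensitive=True the comparison is
    case-folded, matching how a default Windows or macOS filesystem resolves
    names; with False it is the byte-exact comparison that misses this case."""
    fold: Callable[[str], str] = str.casefold if case_insensitive else (lambda p: p)
    links = {fold(e.path): e.path for e in entries if e.mode == SYMLINK_MODE}
    hits = []
    for e in entries:
        if e.mode == SYMLINK_MODE:
            continue
        for ancestor in _ancestors(e.path):
            link = links.get(fold(ancestor))
            if link is not None:
                hits.append((e.path, link))
                break
    return hits


def safe_to_checkout(listing: str, case_insensitive: bool = True) -> bool:
    """True when no entry in the listing would be written through a symlink."""
    return not find_symlink_crossings(parse_ls_tree(listing), case_insensitive)
```

Run it on the output of `git ls-tree -r HEAD` from a clone made without a checkout, and refuse the checkout when it reports a crossing; independently of the scan, the advisory's own mitigation of setting core.symlinks = false before checking out still applies.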

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
emo@eclipse.org 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
eclipse jgit *
CVE-2023-4760

In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The cause is an incomplete extraction of the file name in the FileUploadProcessor.stripFileName(String name) method: once it finds a / in the path, everything before it is removed, but any backslashes (\) that follow it are kept. For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows; it is then saved as ..\..\webapps\shell.war, which lands in the server's webapps directory, and can then be executed.
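
To make the separator-handling mistake concrete, here is an added example (not Eclipse RAP code) that models the stripping behaviour described above next to a hardened version, and checks where the stored name would land under Windows path rules. The Tomcat directory used below is constructed.

```python
# Added example, not Eclipse RAP code: a model of the file-name stripping flaw
# in CVE-2023-4760 next to a hardened version. The Tomcat paths are constructed.
import ntpath
import re


def strip_file_name_vulnerable(name: str) -> str:
    """Keep only what follows the last '/', as the advisory describes.

    Backslashes after that point survive, so on Windows the result can still
    be a relative path that climbs out of the upload directory."""
    idx = name.rfind("/")
    return name[idx + 1:] if idx >= 0 else name


# Plain file names only: no separators of either flavour, no leading dots.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def strip_file_name_hardened(name: str) -> str:
    """Treat '/' and '\\' alike as separators, keep only the last component,
    and reject anything that is not a plain file name ('', '.', '..' included)."""
    base = re.split(r"[/\\]", name)[-1]
    if not _SAFE_NAME.match(base):
        raise ValueError(f"rejected unsafe file name: {name!r}")
    return base


def is_rejected(name: str) -> bool:
    try:
        strip_file_name_hardened(name)
    except ValueError:
        return True
    return False


def resolved_target(upload_dir: str, stored_name: str) -> str:
    """Where joining stored_name onto upload_dir lands under Windows path
    rules; ntpath is used explicitly so this evaluates the same on any host."""
    return ntpath.normpath(ntpath.join(upload_dir, stored_name))


def escapes_upload_dir(upload_dir: str, stored_name: str) -> bool:
    """True when the resolved target is outside upload_dir."""
    root = ntpath.normpath(upload_dir)
    return ntpath.commonpath([root, resolved_target(root, stored_name)]) != root
```

The hardened version deliberately refuses names rather than trying to repair them: an upload endpoint has no legitimate reason to accept a name containing either separator, and a strict allow-list of characters is easier to reason about than a list of sequences to strip.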

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
emo@eclipse.org 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L 2.8 4.7

Products Affected

Vendor Product Version
eclipse remote_application_platform *
CVE-2023-48694

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host class, related to device linked classes, ASIX, Prolific, SWAR, audio, CDC ECM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
eclipse threadx_usbx *
microsoft azure_rtos_usbx *
CVE-2023-48695

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.3 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 0.9 5.8
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
eclipse threadx_usbx *
microsoft azure_rtos_usbx *
CVE-2023-48696

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class, related to CDC ACM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security-advisories@github.com 6.7 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N 0.4 5.8

Products Affected

Vendor Product Version
eclipse threadx_usbx *
microsoft azure_rtos_usbx *
CVE-2023-48697

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio, hub in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.4 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
eclipse threadx_usbx *
microsoft azure_rtos_usbx *
CVE-2023-48698

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host classes, related to device linked classes, GSER and HID in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 0.5 5.8
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
eclipse threadx_usbx *
microsoft azure_rtos_usbx *
CVE-2023-5632

In Eclipse Mosquitto before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results in excessive CPU consumption. This could be used by a malicious actor to perform a denial-of-service attack. This issue is fixed in 2.0.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
eclipse mosquitto *
eclipse mosquitto 2.0.5
CVE-2023-5676

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.5 3.6
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
eclipse openj9 *
CVE-2023-5763

In Eclipse GlassFish 5 or 6, running with old JDK versions (lower than 6u211, 7u201, or 8u191), remote attackers can load malicious code on the server via access to insecure ORB listeners.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
emo@eclipse.org 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2

Products Affected

Vendor Product Version
eclipse glassfish *
CVE-2023-6194

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 2.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N 1.3 1.4
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

Products Affected

Vendor Product Version
eclipse memory_analyzer *
CVE-2023-7272

In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

Products Affected

Vendor Product Version
eclipse parsson *
CVE-2024-0740

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
eclipse target_management *
CVE-2024-10029

In Eclipse GlassFish version 7.0.15 it is possible to perform Reflected Cross-site Scripting attacks in the Administration Console.

Products Affected

Vendor Product Version
eclipse glassfish 7.0.15
CVE-2024-10031

In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.

Products Affected

Vendor Product Version
eclipse glassfish 7.0.15
CVE-2024-10032

In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks in the Administration Console.

Products Affected

Vendor Product Version
eclipse glassfish 7.0.15
CVE-2024-10525

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may perform an out-of-bounds memory access in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.
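
The following added example (not Mosquitto or libmosquitto code) parses an MQTT v3.1.1 SUBACK from constructed bytes and contrasts a subscribe callback that assumes at least one reason code with one that checks the count against the number of topic filters it sent. In C the unchecked read runs past the end of the granted-QoS array; the Python stand-in raises IndexError.

```python
# Added example, not Mosquitto code: parse an MQTT v3.1.1 SUBACK and show why a
# subscribe callback must check the reason-code count (CVE-2024-10525).
# The packet bytes are constructed.
import struct

SUBACK_TYPE = 0x90


def decode_remaining_length(buf: bytes, pos: int) -> tuple[int, int]:
    """MQTT variable-byte integer: 7 data bits per byte, high bit = continue.
    Returns (value, position after the integer)."""
    value, multiplier = 0, 1
    for _ in range(4):
        byte = buf[pos]
        pos += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, pos
        multiplier *= 128
    raise ValueError("malformed remaining length")


def parse_suback(packet: bytes) -> tuple[int, list[int]]:
    """Return (packet identifier, list of reason codes). A crafted packet can
    carry zero reason codes; the parser reports that rather than hiding it."""
    if not packet or packet[0] & 0xF0 != SUBACK_TYPE:
        raise ValueError("not a SUBACK")
    length, pos = decode_remaining_length(packet, 1)
    body = packet[pos:pos + length]
    if len(body) != length or length < 2:
        raise ValueError("truncated SUBACK")
    (packet_id,) = struct.unpack("!H", body[:2])
    return packet_id, list(body[2:])


def on_subscribe_vulnerable(granted: list[int]) -> int:
    """Callback that assumes at least one reason code. In C this reads past
    the end of granted_qos; here it raises IndexError."""
    return granted[0]


def on_subscribe_hardened(granted: list[int], requested_topics: int) -> list[str]:
    """Refuse a SUBACK whose reason-code count differs from what was sent."""
    if len(granted) != requested_topics:
        raise ValueError(f"SUBACK carries {len(granted)} reason codes, "
                         f"expected {requested_topics}")
    return ["failure" if code >= 0x80 else f"granted qos {code}" for code in granted]


def vulnerable_callback_crashes(packet: bytes) -> bool:
    _, granted = parse_suback(packet)
    try:
        on_subscribe_vulnerable(granted)
    except IndexError:
        return True
    return False


def hardened_accepts(packet: bytes, requested_topics: int) -> bool:
    _, granted = parse_suback(packet)
    try:
        on_subscribe_hardened(granted, requested_topics)
    except ValueError:
        return False
    return True


# Constructed packets: a normal SUBACK for one topic, and one with no codes.
GOOD_SUBACK = bytes([0x90, 0x03, 0x00, 0x01, 0x01])   # id 1, granted QoS 1
CRAFTED_SUBACK = bytes([0x90, 0x02, 0x00, 0x01])      # id 1, zero reason codes
```

The check belongs in the client, not the broker: a client that connects to brokers it does not control has to treat every inbound packet as attacker-supplied, including acknowledgements for its own requests.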

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2024-10838

In Eclipse Cyclone DDS, an integer underflow during deserialization may allow any unauthenticated user to read out-of-bounds heap memory. This may result in secret data, or pointers revealing the layout of the address space, being included in a deserialized data structure, which may lead to thread crashes or denial-of-service conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
eclipse cyclone_data_distribution_service *
CVE-2024-10917

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4

Products Affected

Vendor Product Version
eclipse openj9 *
CVE-2024-13009

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 3.9 2.7

Products Affected

Vendor Product Version
eclipse jetty *
CVE-2024-2212

In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L 1.8 5.5

Products Affected

Vendor Product Version
eclipse threadx *
CVE-2024-2214

In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
eclipse threadx *
CVE-2024-22201

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
eclipse jetty *
debian debian_linux 10.0
netapp bluexp -
CVE-2024-2452

In Eclipse ThreadX NetX Duo before 6.4.0, an attacker who can control the parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 7.0 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L 2.2 4.7

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2024-3046

In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 2.8 4.7

Products Affected

Vendor Product Version
eclipse kura *
CVE-2024-3933

In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read and write to addresses beyond the end of the array range.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L 1.0 4.2

Products Affected

Vendor Product Version
eclipse openj9 *
CVE-2024-3935

In Eclipse Mosquitto, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur, with a subsequent crash of the broker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2024-4536

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. The vulnerability concerns the OAuth2-protected data sink feature. When using a custom, OAuth2-protected data sink, the OAuth2-specific data address properties are resolved by the provider data plane. Problematically, the consumer-provided clientSecretKey, which indicates the OAuth2 client secret to retrieve from a secrets vault, is resolved in the context of the provider's vault, not the consumer's. This secret's value is then sent to the tokenUrl, also consumer-controlled, as part of an OAuth2 client credentials grant. The returned access token is then sent as a bearer token to the data sink URL. This feature is now disabled entirely, because not all code paths necessary for a successful realization were fully implemented.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 6.8 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L 1.0 5.3

Products Affected

Vendor Product Version
eclipse edc_connector *
CVE-2024-5165

In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and was thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting). Several inputs were not persisted at the backend of Eclipse Ditto, but only in local browser storage to save settings of "environments" of the UI and e.g. the last performed "search queries", resulting in a "Reflected XSS" vulnerability. However, several other inputs were persisted at the backend of Eclipse Ditto, leading to a "Stored XSS" vulnerability. This means that authenticated and authorized users of Eclipse Ditto can persist Things in Ditto which, when displayed by other users also authorized to see those Things in the Eclipse Ditto UI, cause scripts to be executed in those users' browsers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
eclipse ditto *
CVE-2024-6762

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 1.6 1.4

Products Affected

Vendor Product Version
eclipse jetty *
CVE-2024-6763

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4

Products Affected

Vendor Product Version
eclipse jetty *
CVE-2024-8184

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
eclipse jetty *
CVE-2024-8376

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

Products Affected

Vendor Product Version
eclipse mosquitto *
CVE-2024-9202

In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single dataset, which should be subject to the same filtering process, but currently is missing the correct filtering. This enables parties to potentially see datasets they should not have access to, thereby exposing sensitive information. Exploiting this vulnerability requires knowing the ID of a restricted dataset, but some IDs may be guessed by trying out many IDs in an automated way. Affected code: DatasetResolverImpl, L76-79 https://github.com/eclipse-edc/Connector/blob/v0.9.0/core/control-plane/control-plane-catalog/src/main/java/org/eclipse/edc/connector/controlplane/catalog/DatasetResolverImpl.java

Products Affected

Vendor Product Version
eclipse eclipse_dataspace_components *
CVE-2024-9329

In Eclipse GlassFish versions before 7.0.17, the Host HTTP header could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying the header value to point at a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
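
As an added example (not GlassFish code), the redirect construction below contrasts a Location header built straight from the client-supplied Host value with one that validates the host against a configured allow-list and otherwise falls back to a canonical host. The canonical host, the allow-list and the request values are all constructed for illustration.

```python
# Added example, not GlassFish code: a redirect built from the Host header
# next to one that validates the host first, the distinction behind
# CVE-2024-9329. Hosts, allow-list and paths are constructed.
from typing import Optional
from urllib.parse import urlsplit

CANONICAL_HOST = "admin.example.internal:4848"           # assumed deployment value
ALLOWED_HOSTS = {"admin.example.internal", "localhost"}  # assumed allow-list


def redirect_from_host_header(host_header: str, path: str) -> str:
    """Trusts whatever the client sent in Host (the vulnerable pattern)."""
    return f"https://{host_header}{path}"


def _hostname(host_header: str) -> Optional[str]:
    """Extract the lower-cased host name from a Host header value ('host',
    'host:port', or '[v6]:port'); None if it carries anything else, such as
    userinfo ('trusted@evil') or a path, which a loose parser might misread."""
    try:
        parts = urlsplit(f"//{host_header}")
    except ValueError:
        return None
    if parts.username or parts.password or parts.path or parts.query or parts.fragment:
        return None
    return parts.hostname


def redirect_validated(host_header: str, path: str) -> str:
    """Redirect to the client-supplied host only if its host name is on the
    allow-list; otherwise to the canonical host. The path must be site-relative
    (a leading '//' would itself be read as a new authority)."""
    if not path.startswith("/") or path.startswith("//"):
        path = "/"
    if _hostname(host_header) in ALLOWED_HOSTS:
        return f"https://{host_header}{path}"
    return f"https://{CANONICAL_HOST}{path}"
```

Whether to honour any client-supplied host at all is a deployment decision; behind a reverse proxy the safest option is usually to ignore Host entirely and always emit the canonical host.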

Products Affected

Vendor Product Version
eclipse glassfish *
CVE-2024-9342

In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.

Products Affected

Vendor Product Version
eclipse glassfish 7.0.16
CVE-2024-9343

In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks in the Administration Console.

Products Affected

Vendor Product Version
eclipse glassfish 7.0.15
CVE-2024-9408

In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.

Products Affected

Vendor Product Version
eclipse glassfish 6.2.5
CVE-2024-9823

There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on a server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and eventually exhaust the server's memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp bootstrap_os -
eclipse jetty *
CVE-2025-0726

In the NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service with specially crafted packets. The core issue is a file that is not closed in an error condition, resulting in a 404 error for each further file request. Users can work around the issue by disabling PUT request support.

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-0727

In the NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service when writing a very large file, using specially crafted packets in which the Content-Length of one packet is smaller than the data request size of another packet. A possible workaround is to disable HTTP PUT support.

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-0728

In the NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service when writing a very large file, using specially crafted packets whose Content-Length is smaller than the data request size. A possible workaround is to disable HTTP PUT support.

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-1007

In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in /user/namespace/{namespace}/details/logo and allowed a user to change the logo.

Products Affected

Vendor Product Version
eclipse open_vsx *
CVE-2025-10543

In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for example, part of an MQTT topic may leak into the message body in a PUBLISH packet). The issue arises because the length of the data passed in was converted from an int64/int32 (depending upon CPU) to an int16 without checks for overflows. The int16 length was then written, followed by the data (e.g. topic). This meant that when the data (e.g. topic) was over 65535 bytes then the amount of data written exceeds what the length field indicates. This could lead to a corrupt packet, or mean that the excess data leaks into another field (e.g. topic leaks into message body).
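
The following added example (not paho.mqtt.golang code) models the narrowing described above: the length of an MQTT string is written as 16 bits while every byte of the data is still emitted, so a receiver that trusts the length prefix reads the remainder of the topic as payload. Masking the length with 0xFFFF produces the same wire bytes as a Go int16 conversion once it is serialised. The topic and payload are constructed; the fixed header is left out because it is not where the corruption happens.

```python
# Added example, not paho.mqtt.golang code: a model of the 16-bit length
# truncation in CVE-2025-10543 and the range check that prevents it.
# The topic and payload are constructed.
import struct
from typing import Callable

MAX_MQTT_STRING = 0xFFFF   # the MQTT string length prefix is an unsigned 16-bit integer


def encode_string_vulnerable(data: bytes) -> bytes:
    """Length narrowed to 16 bits with no range check, then every byte written.
    For a 70,008-byte topic the prefix says 4,472 (70,008 mod 65,536)."""
    return struct.pack("!H", len(data) & 0xFFFF) + data


def encode_string_hardened(data: bytes) -> bytes:
    """Refuse anything the 16-bit prefix cannot describe."""
    if len(data) > MAX_MQTT_STRING:
        raise ValueError(f"MQTT string too long: {len(data)} > {MAX_MQTT_STRING}")
    return struct.pack("!H", len(data)) + data


def build_publish_body(topic: bytes, payload: bytes,
                       encoder: Callable[[bytes], bytes]) -> bytes:
    """Variable header + payload of a QoS 0 PUBLISH: topic string, then payload."""
    return encoder(topic) + payload


def split_publish_body(body: bytes) -> tuple[bytes, bytes]:
    """What a receiver does: trust the 2-byte length, treat the rest as payload."""
    (length,) = struct.unpack("!H", body[:2])
    return body[2:2 + length], body[2 + length:]


def topic_is_safe(topic: bytes) -> bool:
    try:
        encode_string_hardened(topic)
    except ValueError:
        return False
    return True


# Constructed: a topic well over 65,535 bytes and a short payload.
LONG_TOPIC = b"sensors/" + b"x" * 70000
PAYLOAD = b"{\"temp\": 21}"
```

The practical consequence is that a client which lets application data choose topic names (device ids, user-supplied routing keys) must bound their length before handing them to the encoder; a receiver cannot detect the mismatch, because the packet it sees is well-formed, just with a different topic and payload than the sender intended.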

Products Affected

Vendor Product Version
eclipse paho_mqtt *
CVE-2025-11143

The Jetty URI parser has some key differences from other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in a security bypass. For example, a component that enforces a block list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4

Products Affected

Vendor Product Version
eclipse jetty *
CVE-2025-11965

In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config').
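
The distinction the advisory draws, hidden files versus hidden directories, comes down to whether a check inspects only the final path component or every component. The following added example (not Vert.x code) shows both forms of the check on constructed request paths, with percent-decoding and dot-segment normalisation applied before the per-segment test so that encoded or traversal-wrapped variants do not slip past it.

```python
# Added example, not Vert.x code: a hidden-file check that looks only at the
# last path segment next to one that inspects every segment, the distinction
# behind CVE-2025-11965. Request paths are constructed.
import posixpath
from typing import Callable
from urllib.parse import unquote


def is_hidden_last_segment(request_path: str) -> bool:
    """Only asks whether the file itself is dot-prefixed: '.git/config' passes
    because 'config' does not start with '.'."""
    return posixpath.basename(request_path).startswith(".")


def is_hidden_any_segment(request_path: str) -> bool:
    """Percent-decode once (as the server does), collapse '.' and '..', then
    refuse if any directory or file component is dot-prefixed."""
    decoded = unquote(request_path)
    normalised = posixpath.normpath("/" + decoded)
    return any(seg.startswith(".") for seg in normalised.split("/") if seg)


def serve_decision(request_path: str, check: Callable[[str], bool]) -> str:
    """'deny', or the normalised relative path a static handler would open."""
    if check(request_path):
        return "deny"
    return posixpath.normpath("/" + unquote(request_path)).lstrip("/")
```

If a proxy or framework in front of the handler decodes the path a second time, run the check on the value that actually reaches the filesystem, not on the raw request line.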

Products Affected

Vendor Product Version
eclipse vert.x *
CVE-2025-11966

In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing malicious script or HTML content, leading to stored cross-site scripting (XSS) that executes in the context of users viewing the affected directory listing.

Products Affected

Vendor Product Version
eclipse vert.x *
CVE-2025-12383

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

Products Affected

Vendor Product Version
eclipse jersey 2.45
eclipse jersey 3.1.9
eclipse jersey 3.0.16
CVE-2025-14549

In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) characters during the Latin-compatible charset (UTF-8, ISO8859-1, ASCII, etc) to IBM-1047/037 translation sequence. This can cause the output byte array to be truncated, discarding the first NUL byte and all subsequent characters, and thereby exposing a possible buffer over-read problem. This issue is fixed in Eclipse OMR version 0.8.0.

Products Affected

Vendor Product Version
eclipse omr 0.7.0
CVE-2025-1470

In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
eclipse omr *
CVE-2025-1471

In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
eclipse omr *
CVE-2025-1948

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
eclipse jetty *
CVE-2025-2258

In the NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file using specially crafted packets whose Content-Length is smaller than the data request size. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix in CVE-2025-0728.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-2259

In the NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file using specially crafted packets, where the Content-Length in one packet is smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix of CVE-2025-0727.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-2260

In the NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service with specially crafted packets. The core issue is a missing close of a file in an error condition, resulting in a 404 error for each further file request. Users can work around the issue by disabling PUT request support. This issue follows an incomplete fix of CVE-2025-0726.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-4447

In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.

Products Affected

Vendor Product Version
eclipse openj9 *
CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command, and the AmazonS3 class used to implement the experimental amazons3 git transport protocol (which allows storing git pack files in an Amazon S3 bucket), are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
eclipse jgit *
CVE-2025-5115

In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory. For example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal. Per specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame. The client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time. The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame. Links: * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h

Products Affected

Vendor Product Version
eclipse jetty *
eclipse jetty 12.1.0
CVE-2025-55078

In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls did check pointers, but that check did not verify whether the pointer lies outside the module memory region.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
eclipse threadx *
CVE-2025-55079

In Eclipse ThreadX before version 6.4.3, the thread module has a maximum priority setting. In some cases the check against that maximum priority was not performed, allowing a thread with a higher priority than expected to be obtained and causing a possible denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
eclipse threadx *
CVE-2025-55080

In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameter verification was insufficient, allowing an attacker to obtain an arbitrary memory read/write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
eclipse threadx *
CVE-2025-55081

In Eclipse Foundation NetX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS ClientHello message fields: the ciphersuite length and the compression method length. An attacker-crafted message with values outside the expected range could cause an out-of-bounds read.

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-55082

In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, there was a potential out-of-bounds read in _nx_secure_tls_process_clienthello() because of missing validation of the PSK length provided in the user message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-55083

In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, there was an incorrect bounds check resulting in an off-by-two out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-55084

In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, there was an incorrect bounds check in _nx_secure_tls_proc_clienthello_supported_versions_extension() on the extension version field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-55085

In NetX Duo before 6.4.4, the networking support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields in the HTTP client module was missing bounds verification. A crafted server response could cause undefined behavior.

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-55086

In NetX Duo versions before 6.4.4, a networking support module for Eclipse Foundation ThreadX, the DHCPv6 client used an unchecked index when extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out-of-bounds memory read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-55087

In the SNMP addon of NetX Duo versions before 6.4.4, a part of Eclipse Foundation ThreadX, an attacker could cause an out-of-bounds read via crafted SNMPv3 security parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-55089

In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could lead to remote execution after receiving a crafted sequence of packets.

Products Affected

Vendor Product Version
eclipse threadx_filex *
CVE-2025-55090

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read in the _nx_ipv4_packet_receive() function when an Ethernet frame carrying fewer than 4 bytes of IP packet data is received.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-55091

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read in the _nx_ip_packet_receive() function when an Ethernet frame with its type set to IP but carrying no IP data is received.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-55092

In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing an IPv4 packet with the timestamp option.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-55093

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-55094

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet with ICMP6 options.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-55095

The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in _ux_host_class_storage_partition_read(), which parses up to four partition entries. If an extended partition is found (with type UX_HOST_CLASS_STORAGE_PARTITION_EXTENDED or EXTENDED_LBA_MAPPED), the code invokes: _ux_host_class_storage_media_mount(storage, sector + _ux_utility_long_get(...)); There is no limit on the recursion depth or tracking of visited sectors. As a result, a malicious or malformed disk image can include cyclic or excessively deep chains of extended partitions, causing the function to recurse until stack overflow occurs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 4.2 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 0.8 3.4

Products Affected

Vendor Product Version
eclipse threadx_usbx *
CVE-2025-55096

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of a USB HID device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 0.9 5.2

Products Affected

Vendor Product Version
eclipse threadx_usbx *
CVE-2025-55097

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of a USB streaming device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 0.9 5.2

Products Affected

Vendor Product Version
eclipse threadx_usbx *
CVE-2025-55098

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read in _ux_host_class_audio_device_type_get() when parsing a descriptor of a USB audio device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 0.9 5.2

Products Affected

Vendor Product Version
eclipse threadx_usbx *
CVE-2025-55099

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 0.9 5.2

Products Affected

Vendor Product Version
eclipse threadx_usbx *
CVE-2025-55100

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of sampling frequencies.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
eclipse threadx_usbx *
CVE-2025-55102

A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted "Packet Too Big" network packet with more than 15 different source addresses can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.

Products Affected

Vendor Product Version
eclipse threadx_netx_duo *
CVE-2025-6705

A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new extension versions under any namespace, including those not controlled by an attacker. However, it did not permit deletion of existing extensions, overwriting of published versions, or access to administrative features of the registry. The issue was reported on May 4, 2025, fully resolved by June 24, and followed by a comprehensive audit. No evidence of compromise was found, though 81 extensions were proactively deactivated as a precaution. The standard publishing process remained unaffected. Recommendations have been issued to mitigate similar risks in the future.

Products Affected

Vendor Product Version
eclipse open_vsx -
CVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
eclipse cyclone_data_distribution_service *
CVE-2025-7962

In Jakarta Mail 2.0.2 it is possible to perform SMTP injection by using the \r and \n UTF-8 characters to separate different messages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
eclipse jakarta_mail *
eclipse angus_mail *
CVE-2026-0648

The vulnerability stems from incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c) when handling the return value of osek_get_counter(). Specifically, the current code checks whether cntr_id equals 0u to determine failure, but osek_get_counter() actually returns E_OS_SYS_STACK (defined as 12U) when it fails. This mismatch causes the error branch to never execute, even when the counter pool is exhausted. As a result, when the counter pool is depleted, the code proceeds to cast the error code (12U) to a pointer (OSEK_COUNTER *), creating a wild pointer. Subsequent writes to members through this pointer land on illegal memory addresses (e.g., 0x0000000C), which can trigger immediate HardFaults or silent memory corruption. This vulnerability poses significant risks, including potential denial-of-service attacks (via repeated calls to exhaust the counter pool) and unauthorized memory access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.1 6.0

Products Affected

Vendor Product Version
eclipse threadx *
CVE-2026-1002

The Vert.x Web static handler component cache can be manipulated to deny access to static files served by the handler using a specifically crafted request URI. The issue comes from an improper implementation of rule C. of section 5.2.4 of RFC3986 and is fixed in the Vert.x Core component (used by Vert.x Web): https://github.com/eclipse-vertx/vert.x/pull/5895

Steps to reproduce: Given a file served by the static handler, craft a URI that introduces a string like bar%2F..%2F after the last / character to deny access to the URI with an HTTP 404 response. For example, https://example.com/foo/index.html can be denied with https://example.com/foo/bar%2F..%2Findex.html

Mitigation: Disabling the Static Handler cache fixes the issue.

StaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);

Products Affected

Vendor Product Version
eclipse vert.x-web *
CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0.

Products Affected

Vendor Product Version
eclipse omr *
CVE-2026-1605

In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed. This happens because the JDK Inflater is allocated for decompressing the request, but it is not released because the release mechanism is tied to the compressed response. In this case, since the response is not compressed, the release mechanism does not trigger, causing the leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
eclipse jetty *
CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to repository secrets and a GITHUB_TOKEN with extensive write permissions (contents:write, packages:write, pages:write, actions:write). An attacker could exfiltrate secrets, publish malicious packages to the eclipse-theia organization, modify the official Theia website, and push malicious code to the repository.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
eclipse theia_website *
CVE-2026-24457

Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from an MQ Broker's server. A full exploitation could read unauthorized files from the OpenMQ host OS. In some scenarios RCE could be achieved.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
eclipse open_message_queue *