Vulnerabilities (CVE)

Vendor filter: Eclipse
36 total CVE
CVE | Vendors | Products | Updated | CVSS

CVE-2017-7652 | Vendors (2): Debian, Eclipse | Products (2): Debian Linux, Mosquitto | Updated: 2019-04-16 | CVSS: 6.0
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to the server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no...

CVE-2018-12545 | Vendors (1): Eclipse | Products (1): Jetty | Updated: 2019-04-16 | CVSS: 5.0
In Eclipse Jetty versions 9.3.x and 9.4.x, the server is vulnerable to denial-of-service conditions if a remote client sends either large SETTINGS frames containing many settings, or many small SETTINGS frames. The vulnerability is due...

CVE-2017-9735 | Vendors (1): Eclipse | Products (1): Jetty | Updated: 2019-04-16 | CVSS: 5.0
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing the elapsed time before an incorrect password is rejected.

CVE-2019-10244 | Vendors (1): Eclipse | Products (1): Kura | Updated: 2019-04-10 | CVSS: 5.0
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple MQTT component and the emulator position service (not part of the device distribution) could potentially be the target of an XXE attack due to an...

CVE-2019-10243 | Vendors (1): Eclipse | Products (1): Kura | Updated: 2019-04-10 | CVSS: 5.0
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying UI web server version in its replies. An attacker can use this as a hint to craft attacks specific to the web server run by Kura.

CVE-2019-10242 | Vendors (1): Eclipse | Products (1): Kura | Updated: 2019-04-10 | CVSS: 5.0
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during the servlet call, potentially allowing path traversal in GET requests for a limited number of file types.

CVE-2019-10240 | Vendors (1): Eclipse | Products (1): Hawkbit | Updated: 2019-04-08 | CVSS: 6.8
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin-based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts...

CVE-2018-12549 | Vendors (2): Eclipse, Redhat | Products (4): Openj9, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | Updated: 2019-03-25 | CVSS: 7.5
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.

CVE-2018-12538 | Vendors (2): Eclipse, Netapp | Products (10): Jetty, E-series Santricity Management Plug-ins, E-series Santricity Web Services Proxy and 7 more | Updated: 2019-03-21 | CVSS: 6.5
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty-provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete...

CVE-2017-7654 | Vendors (2): Eclipse, Debian | Products (2): Mosquitto, Debian Linux | Updated: 2019-03-20 | CVSS: 5.0
In Eclipse Mosquitto 1.4.15 and earlier, a memory leak vulnerability was found within the Mosquitto broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto broker.

CVE-2018-12537 | Vendors (1): Eclipse | Products (1): Vert.x | Updated: 2019-03-20 | CVSS: 5.0
In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header in the client...

CVE-2017-9868 | Vendors (3): Mosquitto Project, Eclipse, Debian | Products (3): Mosquitto, Mosquitto, Debian Linux | Updated: 2019-03-12 | CVSS: 2.1
In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.

CVE-2016-4800 | Vendors (1): Eclipse | Products (1): Jetty | Updated: 2019-03-08 | CVSS: 7.5
The path normalization mechanism in the PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters,...

CVE-2015-2080 | Vendors (2): Fedoraproject, Eclipse | Products (2): Fedora, Jetty | Updated: 2019-03-08 | CVSS: 5.0
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

CVE-2019-9004 | Vendors (1): Eclipse | Products (1): Wakaama | Updated: 2019-02-22 | CVSS: 5.0
In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leaks (wastes) 24 bytes of memory....

CVE-2018-12548 | Vendors (1): Eclipse | Products (1): Openj9 | Updated: 2019-02-20 | CVSS: 7.5
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.

CVE-2018-20145 | Vendors (1): Eclipse | Products (1): Mosquitto | Updated: 2019-02-05 | CVSS: 5.0
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, the default listener was in use, and the default listener specified an acl_file, then the ACL file was ignored.

CVE-2018-12542 | Vendors (1): Eclipse | Products (1): Vert.x | Updated: 2019-01-25 | CVSS: 7.5
In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (backslash) sequences that can resolve to...

CVE-2018-12541 | Vendors (1): Eclipse | Products (1): Vert.x | Updated: 2019-01-17 | CVSS: 4.0
In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit (8192 bytes)...

CVE-2017-7658 | Vendors (2): Eclipse, Debian | Products (2): Jetty, Debian Linux | Updated: 2019-01-16 | CVSS: 7.5
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non-HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two Content-Length headers, Jetty ignored the second. When presented with a Content-Length...
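The duplicate Content-Length problem behind CVE-2017-7658, as an added example (this is not Jetty code). A minimal HTTP/1.x head parser resolves Content-Length under three policies: "first" and "last" are the lenient behaviours that let a front-end proxy and a back-end server disagree about where one request ends and the next begins (the request smuggling primitive), and "strict" is the RFC 7230 section 3.3.3 behaviour of rejecting differing duplicates. The request bytes are constructed for the example; the function names are my own.

```python
"""Why a parser must reject conflicting Content-Length headers (added example, not Jetty code)."""


class BadRequest(ValueError):
    """Raised when the message head is malformed or ambiguous."""


def parse_head(raw):
    """Split a raw HTTP/1.x message into (request line, [(name, value)], rest of stream)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("incomplete head")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise BadRequest("malformed header line")
        headers.append((name.decode("ascii").strip().lower(), value.decode("ascii").strip()))
    return lines[0].decode("ascii"), headers, rest


def body_length(headers, policy):
    """Resolve Content-Length.

    "strict": reject differing duplicates (RFC-conformant, the fix).
    "first" / "last": lenient choices; two hops using different ones split the stream differently.
    """
    values = [v for n, v in headers if n == "content-length"]
    if not values:
        return 0
    if not all(v.isdigit() for v in values):
        raise BadRequest("non-numeric Content-Length")
    if policy == "strict":
        if len(set(values)) > 1:
            raise BadRequest("conflicting Content-Length headers")
        return int(values[0])
    if policy == "first":
        return int(values[0])
    if policy == "last":
        return int(values[-1])
    raise ValueError("unknown policy %r" % policy)


def split_stream(raw, policy):
    """Return (body of the first request, bytes left over for the next request)."""
    _, headers, rest = parse_head(raw)
    n = body_length(headers, policy)
    return rest[:n], rest[n:]


def strict_rejects(raw):
    """True if the strict policy refuses to pick a body length for this message."""
    try:
        split_stream(raw, "strict")
    except BadRequest:
        return True
    return False


# Constructed sample: two differing Content-Length headers, followed by what looks like a second request.
SMUGGLE = (
    b"POST /submit HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Length: 6\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
    b"GET /admin HTTP/1.1\r\n\r\n"
)

# Constructed sample: identical duplicates, which RFC 7230 allows a server to accept as a single value.
DUP_SAME = (
    b"POST /submit HTTP/1.1\r\n"
    b"Content-Length: 6\r\n"
    b"Content-Length: 6\r\n"
    b"\r\n"
    b"abcdefGET / HTTP/1.1\r\n\r\n"
)

if __name__ == "__main__":
    for policy in ("first", "last"):
        print(policy, split_stream(SMUGGLE, policy))
    print("strict rejects:", strict_rejects(SMUGGLE))
```

A front-end honouring the first header forwards `GET /a` as body and `dmin HTTP/1.1...` as junk; a back-end honouring the last header sees an empty body followed by a complete `GET /admin` request. Only the strict policy removes the ambiguity, which is why the safe answer is to reject, not to pick.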
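The CR/LF header injection class described for CVE-2018-12537, as an added example that is not Vert.x code. An unchecked serialiser writes an attacker-influenced value (a redirect target) straight into a Location header, so the value can terminate the line and append headers of its own; the checked variant refuses CR, LF and NUL before anything reaches the wire. The header names, the helper names and the attacker string are constructed for this example.

```python
"""CR/LF injection into response headers, unchecked vs checked (added example, not Vert.x code)."""


def render_headers_unsafe(headers):
    """Serialise (name, value) pairs with no validation: whatever is in the value goes on the wire."""
    out = b""
    for name, value in headers:
        out += ("%s: %s\r\n" % (name, value)).encode("latin-1")
    return out + b"\r\n"


FORBIDDEN = ("\r", "\n", "\0")


def check_header(name, value):
    """Reject a name or value that could break out of its header line."""
    if not name or any(c in name for c in FORBIDDEN) or ":" in name or " " in name:
        raise ValueError("invalid header name: %r" % name)
    if any(c in value for c in FORBIDDEN):
        raise ValueError("CR/LF/NUL in value of header %s" % name)


def render_headers_safe(headers):
    """Same serialisation, but every pair is validated first."""
    for name, value in headers:
        check_header(name, value)
    return render_headers_unsafe(headers)


def header_names_on_wire(wire):
    """What a client parses back: one entry per header line it sees."""
    lines = wire.split(b"\r\n")
    return [line.split(b":", 1)[0].decode("latin-1") for line in lines if line]


# Constructed attacker-controlled redirect target carrying two extra header lines.
EVIL_TARGET = "/home\r\nSet-Cookie: session=attacker\r\nX-Injected: 1"


def unsafe_demo():
    """Header names a client would see from the unchecked serialiser."""
    return header_names_on_wire(render_headers_unsafe([("Location", EVIL_TARGET)]))


def safe_rejects(value):
    """True if the checked serialiser refuses the value."""
    try:
        render_headers_safe([("Location", value)])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(unsafe_demo())
    print("rejected:", safe_rejects(EVIL_TARGET))
```

The check belongs in the API that sets headers, not in each call site: once a value with a bare CR or LF is accepted into the header map there is no later point at which the serialiser can tell an injected line from a legitimate one.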
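Path traversal past a naive check, covering the three entries above that share the pattern: CVE-2018-12542 (backslash sequences in Vert.x StaticHandler), CVE-2016-4800 (escaped characters in Jetty PathResource on Windows) and CVE-2019-10242 (unchecked path in Kura SkinServlet). This is an added example, not code from any of those projects. `naive_resolve` only looks for a literal `..` segment after splitting on `/`, so a backslash-separated or percent-encoded traversal slips through; `safe_resolve` decodes, rejects NUL, treats `\` as a separator, normalises, and then confirms the result is still under the root. The document root and function names are assumptions for the example.

```python
"""Path traversal: a naive segment check vs normalise-then-check (added example, not project code)."""
import posixpath
from urllib.parse import unquote

ROOT = "/srv/www/static"  # hypothetical document root


def naive_resolve(root, url_path):
    """Looks for a '..' segment after splitting on '/' only.

    Misses '..\\..' (Windows file APIs accept '\\' as a separator) and '%2e%2e'
    (decoded later by the filesystem layer or a second decoder).
    """
    segments = url_path.lstrip("/").split("/")
    if ".." in segments:
        return None
    return root + "/" + "/".join(segments)


def safe_resolve(root, url_path):
    """Decode and normalise first, then check containment; None means rejected."""
    decoded = unquote(url_path)
    if "\0" in decoded:
        return None  # NUL would truncate the name in C-level file APIs
    decoded = decoded.replace("\\", "/")  # treat backslash as a separator before checking
    rel = posixpath.normpath(decoded.lstrip("/"))  # collapses '.', '..' and '//' as a relative path
    if rel == ".":
        return root
    if rel == ".." or rel.startswith("../") or posixpath.isabs(rel):
        return None  # normalisation left the path pointing above the root
    candidate = posixpath.join(root, rel)
    if not candidate.startswith(root + "/"):
        return None
    return candidate


# Constructed request paths: one benign, three traversal attempts the naive check handles differently.
CASES = [
    "/css/site.css",
    "/css/../../etc/passwd",
    "/..\\..\\etc\\passwd",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/css/site.css%00.png",
]

if __name__ == "__main__":
    for p in CASES:
        print("%-28s naive=%-40s safe=%s" % (p, naive_resolve(ROOT, p), safe_resolve(ROOT, p)))
```

On a real server the final guard should be a filesystem-level one as well (resolve the candidate with `os.path.realpath` and compare against the resolved root), because symlinks under the root can still lead outside it; the string-level normalisation above is what closes the encoded and backslash variants that a segment check misses.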
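The timing channel class named for CVE-2017-9735 (Jetty's util/security/Password.java), as an added example that is not Jetty code. Rather than measuring wall-clock time, which is noisy, the instrumented functions return how many character comparisons they performed: the early-exit compare does work proportional to the length of the matching prefix, which is exactly what a remote attacker infers from response latency, while the fixed-work compare does the same amount regardless of where the mismatch is. `hashed_equal` shows the practical form, comparing fixed-length digests with `hmac.compare_digest` so that even the length of the secret is not leaked. All names and the sample passwords are constructed for the example.

```python
"""Early-exit vs fixed-work string comparison (added example, not Jetty code)."""
import hashlib
import hmac


def early_exit_equal(expected, supplied):
    """Returns (equal, comparisons made). Work grows with the matching prefix: the timing leak."""
    if len(expected) != len(supplied):
        return False, 0
    n = 0
    for x, y in zip(expected, supplied):
        n += 1
        if x != y:
            return False, n
    return True, n


def fixed_work_equal(expected, supplied):
    """Returns (equal, comparisons made). Accumulates differences and never branches on the data."""
    e = expected.encode("utf-8")
    s = supplied.encode("utf-8")
    diff = len(e) ^ len(s)
    work = max(len(e), len(s), 1)
    for i in range(work):
        a = e[i] if i < len(e) else 0
        b = s[i] if i < len(s) else 0
        diff |= a ^ b
    return diff == 0, work


def hashed_equal(expected, supplied):
    """Compare fixed-length digests in constant time; length of the secret is hidden too."""
    h1 = hashlib.sha256(expected.encode("utf-8")).digest()
    h2 = hashlib.sha256(supplied.encode("utf-8")).digest()
    return hmac.compare_digest(h1, h2)


# Constructed guesses against the constructed secret "secret": each matches one more leading character.
SECRET = "secret"
GUESSES = ["XXXXXX", "sXXXXX", "seXXXX", "secXXX", "secrXX", "secreX", "secret"]


def work_profile(compare):
    """Comparisons performed for each guess, in order of increasing matching prefix."""
    return [compare(SECRET, g)[1] for g in GUESSES]


if __name__ == "__main__":
    print("early exit :", work_profile(early_exit_equal))
    print("fixed work :", work_profile(fixed_work_equal))
    print("hashed     :", hashed_equal(SECRET, "secret"), hashed_equal(SECRET, "secreX"))
```

The early-exit profile climbs one step per correct leading character, which turns a password check into a per-character oracle for anyone who can sample latency; the fixed-work profile is flat. In production, store and compare a salted hash rather than the password itself, and use `hmac.compare_digest` for the final comparison.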