Vulnerabilities (CVE)

Vendor filter

Eclipse Subscribe

Filter

39 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-7654 2 Eclipse, Debian 2 Mosquitto, Debian Linux 2019-06-20 5.0
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.
CVE-2017-7653 2 Eclipse, Debian 2 Mosquitto, Debian Linux 2019-06-20 3.5
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic...
CVE-2019-10246 1 Eclipse 1 Jetty 2019-05-16 5.0
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of...
CVE-2018-12549 2 Eclipse, Redhat 5 Openj9, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-05-16 7.5
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
CVE-2017-7657 3 Eclipse, Debian, Netapp 10 Jetty, Debian Linux, E-series Santricity Management and 7 more 2019-05-15 7.5
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer...
CVE-2018-12545 2 Eclipse, Fedoraproject 2 Jetty, Fedora 2019-05-13 5.0
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due...
CVE-2018-12539 2 Eclipse, Oracle 2 Openj9, Enterprise Manager Base Platform 2019-05-10 4.6
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted...
CVE-2019-10247 1 Eclipse 1 Jetty 2019-05-10 5.0
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of...
CVE-2019-10241 1 Eclipse 1 Jetty 2019-05-10 4.3
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for...
CVE-2019-10242 1 Eclipse 1 Kura 2019-05-02 5.0
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.
CVE-2019-10243 1 Eclipse 1 Kura 2019-05-02 5.0
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura.
CVE-2019-10244 1 Eclipse 1 Kura 2019-05-02 5.0
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an...
CVE-2017-7651 2 Eclipse, Debian 2 Mosquitto, Debian Linux 2019-04-22 5.0
In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.
CVE-2017-7652 2 Debian, Eclipse 2 Debian Linux, Mosquitto 2019-04-16 6.0
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no...
CVE-2017-9735 1 Eclipse 1 Jetty 2019-04-16 5.0
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
CVE-2019-10240 1 Eclipse 1 Hawkbit 2019-04-08 6.8
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts...
CVE-2018-12538 2 Eclipse, Netapp 10 Jetty, E-series Santricity Management Plug-ins, E-series Santricity Web Services Proxy and 7 more 2019-03-21 6.5
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete...
CVE-2018-12537 1 Eclipse 1 Vert.x 2019-03-20 5.0
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client...
CVE-2017-9868 3 Mosquitto Project, Eclipse, Debian 3 Mosquitto, Mosquitto, Debian Linux 2019-03-12 2.1
In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.
CVE-2016-4800 1 Eclipse 1 Jetty 2019-03-08 7.5
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters,...