Known Vulnerabilities for products from Eclipse
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Eclipse".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-41042 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2022-07-07 | 2023-11-07 |
| CVE-2021-41041 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2022-04-27 | 2022-05-05 |
| CVE-2021-41040 | In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-recei... | 7.5 - HIGH | 2022-02-01 | 2022-02-04 |
| CVE-2021-41039 | In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties ... | 7.5 - HIGH | 2021-12-01 | 2023-10-02 |
| CVE-2021-41038 | In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMes... | 6.1 - MEDIUM | 2021-11-10 | 2021-11-13 |
| CVE-2021-41037 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8 - HIGH | 2022-07-08 | 2022-07-15 |
| CVE-2021-41036 | In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket. | 9.8 - CRITICAL | 2021-11-03 | 2021-11-04 |
| CVE-2021-41035 | In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible... | 9.8 - CRITICAL | 2021-10-25 | 2021-10-28 |
| CVE-2021-41034 | The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As... | 8.1 - HIGH | 2021-09-29 | 2021-10-07 |
| CVE-2021-41033 | In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to ... | 8.1 - HIGH | 2021-09-13 | 2021-09-24 |
| CVE-2021-38443 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-05-05 | 2022-05-13 |
| CVE-2021-38441 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-05-05 | 2022-05-13 |
| CVE-2021-34436 | In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via th... | 9.8 - CRITICAL | 2021-09-02 | 2021-09-14 |
| CVE-2021-34435 | In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE... | 8.8 - HIGH | 2021-09-01 | 2022-10-27 |
| CVE-2021-34434 | In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subs... | 5.3 - MEDIUM | 2021-08-30 | 2023-11-07 |
| CVE-2021-34433 | In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes ... | 7.5 - HIGH | 2021-08-20 | 2021-08-26 |
| CVE-2021-34432 | In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic... | 7.5 - HIGH | 2021-07-27 | 2021-08-17 |
| CVE-2021-34431 | In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT... | 6.5 - MEDIUM | 2021-07-22 | 2021-08-03 |
| CVE-2021-34430 | Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to ... | 7.5 - HIGH | 2021-07-08 | 2021-07-12 |
| CVE-2021-34429 | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to... | 5.3 - MEDIUM | 2021-07-15 | 2023-11-07 |
Known software with vulnerabilities from Eclipse
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Eclipse | Buildship | 3.1.1 |
| Application | Eclipse | Business Intelligence and Reporting Tools | 1.0.0 |
| Application | Eclipse | Californium | 1.0.0 |
| Application | Eclipse | Che | 4.0.0 |
| Application | Eclipse | Eclipse IDE | 1.0 |
| Application | Eclipse | EGit | - |
| Application | Eclipse | hawkBit | 0.2.0 |
| Application | Eclipse | Hono | 0.9 |
| Application | Eclipse | Jetty | 6.0.0 |
| Application | Eclipse | JGit | - |
| Application | Eclipse | Kura | 2.0.2 |
| Application | Eclipse | Memory Analyzer | 1.9.1 |
| Application | Eclipse | Mojarra | 1.2-20 |
| Application | Eclipse | Mosquitto | 0.1 |
| Application | Eclipse | OMR | - |
| Application | Eclipse | OpenJ9 | 0.0 |
| Application | Eclipse | Paho Java Client | 1.2.0 |
| Application | Eclipse | RDF4J | 1.0.0 |
| Application | Eclipse | Theia | 0.0.1 |
| Application | Eclipse | TinyDTLS | 0.8.1 |