Filtered by vendor Eclipse
Subscribe
Total
150 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7649 | 1 Eclipse | 1 Kura | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address. | |||||
CVE-2017-9868 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. | |||||
CVE-2017-9735 | 3 Debian, Eclipse, Oracle | 7 Debian Linux, Jetty, Communications Cloud Native Core Policy and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. | |||||
CVE-2017-7650 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto. | |||||
CVE-2016-4800 | 2 Eclipse, Microsoft | 2 Jetty, Windows | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes. | |||||
CVE-2017-7243 | 1 Eclipse | 1 Tinydtls | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake. | |||||
CVE-2015-2080 | 2 Eclipse, Fedoraproject | 2 Jetty, Fedora | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. | |||||
CVE-2009-4521 | 1 Eclipse | 1 Birt | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter. | |||||
CVE-2010-4647 | 1 Eclipse | 1 Eclipse Ide | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp. | |||||
CVE-2008-7271 | 1 Eclipse | 1 Eclipse Ide | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647. |