Filtered by vendor Eclipse
Subscribe
Total
223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55094 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-24 | N/A | 7.5 HIGH |
| In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet with ICMP6 options. | |||||
| CVE-2025-55087 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-24 | N/A | 7.5 HIGH |
| In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters. | |||||
| CVE-2025-55093 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-24 | N/A | 5.3 MEDIUM |
| In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory. | |||||
| CVE-2025-55092 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-24 | N/A | 5.3 MEDIUM |
| In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing an IPv4 packet with the timestamp option. | |||||
| CVE-2025-55086 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-24 | N/A | 9.8 CRITICAL |
| In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read. | |||||
| CVE-2025-55100 | 1 Eclipse | 1 Threadx Usbx | 2025-10-23 | N/A | 9.1 CRITICAL |
| In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of sampling frequencies. | |||||
| CVE-2025-55098 | 1 Eclipse | 1 Threadx Usbx | 2025-10-23 | N/A | 6.1 MEDIUM |
| In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of an USB audio device. | |||||
| CVE-2025-55099 | 1 Eclipse | 1 Threadx Usbx | 2025-10-23 | N/A | 6.1 MEDIUM |
| In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields. | |||||
| CVE-2025-55097 | 1 Eclipse | 1 Threadx Usbx | 2025-10-23 | N/A | 6.1 MEDIUM |
| In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of an USB streaming device. | |||||
| CVE-2025-55096 | 1 Eclipse | 1 Threadx Usbx | 2025-10-23 | N/A | 6.1 MEDIUM |
| In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of an USB HID device. | |||||
| CVE-2025-55079 | 1 Eclipse | 1 Threadx | 2025-10-22 | N/A | 5.5 MEDIUM |
| In Eclipse ThreadX before version 6.4.3, the thread module has a setting of maximum priority. In some cases the check of that maximum priority wasn't performed, allowing, as a result, to obtain a thread with higher priority than expected and causing a possible denial of service. | |||||
| CVE-2025-55080 | 1 Eclipse | 1 Threadx | 2025-10-22 | N/A | 7.1 HIGH |
| In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary memory read/write. | |||||
| CVE-2023-44487 | 32 Akka, Amazon, Apache and 29 more | 313 Http Server, Opensearch Data Prepper, Apisix and 310 more | 2025-10-21 | N/A | 7.5 HIGH |
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |||||
| CVE-2025-55078 | 1 Eclipse | 1 Threadx | 2025-10-21 | N/A | 5.5 MEDIUM |
| In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer is outside the module memory region. | |||||
| CVE-2025-55091 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | N/A | 6.5 MEDIUM |
| In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data. | |||||
| CVE-2025-55090 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | N/A | 6.5 MEDIUM |
| In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet. | |||||
| CVE-2025-55084 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | N/A | 5.3 MEDIUM |
| In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field. | |||||
| CVE-2025-55083 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | N/A | 5.3 MEDIUM |
| In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read. | |||||
| CVE-2025-55082 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | N/A | 5.3 MEDIUM |
| In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message. | |||||
| CVE-2025-4949 | 1 Eclipse | 1 Jgit | 2025-10-16 | N/A | 9.8 CRITICAL |
| In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues. | |||||