33 matches found

CNNVD
added 2026/04/24 12:0 a.m. | 3 views

KUKSA.val Access Control Error Vulnerability

KUKSA.val is a middleware component developed by the Eclipse Foundation for vehicle-based data access and communication. KUKSA.val has an access control vulnerability; this vulnerability arises from clients who only have read access to JWT tokens being able to register as signal providers through...

CVSS 8.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 1

The Hacker News
added 2026/03/27 1:57 p.m. | 7 views

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. "The pipeline had a single boolea...

AI score 6
Exploits: 0

The Hacker News
added 2026/02/04 6:26 a.m. | 6 views

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive...

AI score 5.8
Exploits: 0

The Hacker News
added 2025/10/31 8:2 a.m. | 6 views

Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery

Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier...

AI score 7
Exploits: 0

RedhatCVE
added 2025/10/18 5:45 a.m. | 2 views

CVE-2025-55096

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get when parsing a descriptor of a USB HID device...

CVSS 6.1 | AI score 6.8 | EPSS 0.00016
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/18 5:45 a.m. | 1 views

CVE-2025-55100

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func when parsing a list of sampling frequencies...

CVSS 9.1 | AI score 6.8 | EPSS 0.00125
Exploits: 1 | References: 1

NVD
added 2025/10/17 3:15 p.m. | 8 views

CVE-2025-55085

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...

CVSS 8.8 | EPSS 0.00168
Exploits: 1 | References: 1

OSV
added 2025/10/17 3:15 p.m. | 2 views

CVE-2025-55085

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/17 6:41 a.m. | 4 views

CVE-2025-55089

In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execution after receiving a crafted sequence of packets...

CVSS 9.2 | AI score 7.2 | EPSS 0.00074
Exploits: 1 | References: 1

NVD
added 2025/10/17 6:15 a.m. | 2 views

CVE-2025-55100

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func when parsing a list of sampling frequencies...

CVSS 9.1 | EPSS 0.00125
Exploits: 1 | References: 1

OSV
added 2025/10/17 6:15 a.m. | 2 views

CVE-2025-55097

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get when parsing a descriptor of a USB streaming device...

CVSS 6.1 | AI score 5.5
Exploits: 0 | References: 1

NVD
added 2025/10/17 6:15 a.m. | 1 views

CVE-2025-55098

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get when parsing a descriptor of a USB audio device...

CVSS 6.1 | EPSS 0.00038
Exploits: 1 | References: 1

OSV
added 2025/10/17 6:15 a.m. | 1 views

CVE-2025-55087

In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 1

Cvelist
added 2025/10/17 5:40 a.m. | 3 views

CVE-2025-55100 Potential out-of-bounds read in _ux_host_class_audio10_sam_parse_func()

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func when parsing a list of sampling frequencies...

CVSS 2.4 | EPSS 0.00125
Exploits: 1 | References: 1

CVE
added 2025/10/17 5:38 a.m. | 5 views

CVE-2025-55099

CVE-2025-55099 concerns Eclipse ThreadX USBX prior to 6.4.3, where the USB support module has a potential out-of-bounds read in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields. Red Hat and multiple sources reiterate this exact is...

CVSS 6.1 | AI score 6.4 | EPSS 0.00051
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/10/17 5:36 a.m. | 5 views

CVE-2025-55098 Potential out-of-bounds read in _ux_host_class_audio_device_type_get()

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get when parsing a descriptor of a USB audio device...

CVSS 1 | EPSS 0.00038
Exploits: 1 | References: 1

EUVD
added 2025/10/17 5:29 a.m. | 1 views

EUVD-2025-34869

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options when handling a packet with ICMP6 options...

CVSS 6.9 | AI score 6.3 | EPSS 0.00047
Exploits: 0 | References: 1

EUVD
added 2025/10/17 5:9 a.m. | 2 views

EUVD-2025-34874

In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process when processing an IPv4 packet with the timestamp option...

CVSS 6.9 | AI score 6.3 | EPSS 0.0004
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/16 10:48 a.m. | 2 views

CVE-2025-55081

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

CVSS 9.1 | AI score 6.8 | EPSS 0.00069
Exploits: 0 | References: 1

OSV
added 2025/10/16 7:15 a.m. | 2 views

CVE-2025-55084

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in _nx_secure_tls_proc_clienthello_supported_versions_extension in the extension version field...

CVSS 5.3 | AI score 6.9
Exploits: 0 | References: 1