58 matches found
CVE-2023-4218
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file for example for review a foreign repository or patch...
Security Bulletin: Due to use of the sha.js library, IBM watsonx Code Assistant IDE Extensions is affected by Improper Input Validation vulnerability
Summary: Sha.js is used internally by IBM watsonx Code Assistant IDE Extensions (CVE-2025-9288). Vulnerability Details: CVEID: CVE-2025-9288. DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation. This issue affects sha.js: through 2.4.11. CWE: CWE-20: Improper Inpu...
EUVD-2008-7224
Malware in sbrugna...
EUVD-2023-2980
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-4218
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil...
Linux Distros Unpatched Vulnerability : CVE-2017-8315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the...
Security Bulletin: XML External Entity (XXE) injection vulnerability affects IBM Business Automation Workflow - CVE-2023-4218
Summary: IBM Business Automation Workflow containers package a vulnerable copy of eclipse jars. Vulnerability Details: CVEID: CVE-2023-4218. DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE)...
Linux Distros Unpatched Vulnerability : CVE-2008-7271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attacker...
Linux Distros Unpatched Vulnerability : CVE-2010-4647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to...
Security Bulletin: TPF Toolkit is affected by vulnerabilities in the Eclipse IDE and Apache Commons Compress
Summary: The org.eclipse.core.runtime component is used by TPF Toolkit as part of the basic platform infrastructure (CVE-2023-4218). Additionally, the Apache commons-compress package is used by TPF Toolkit web applications services as part of the code coverage feature (CVE-2024-26308, CVE-2024-25710...
CVE-2024-0740
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03...
CVE-2024-0740 Eclipse Target Management <= 4.5.500 Command Injection
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : eclipse, maven-surefire, tycho (SUSE-SU-2024:1304-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1304-1 advisory. - In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sort...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a local authenticated attacker due to Eclipse IDE (CVE-2023-4218)
Summary: IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to a local authenticated attacker due to Eclipse IDE. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-4218. DESCRIPTION: Eclipse IDE coul...
SUSE CVE-2023-4218
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file for example for review a foreign repository or patch...
GHSA-CC4W-3CFF-J8FW Duplicate Advisory: Eclipse IDE XXE in eclipse.platform
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j24h-xcpc-9jw8. This link is maintained to preserve external references. Original Description: In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE...
Duplicate Advisory: Eclipse IDE XXE in eclipse.platform
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j24h-xcpc-9jw8. This link is maintained to preserve external references. Original Description: In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE...
CVE-2023-4218
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file for example for review a foreign repository or patch...
Open redirect
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file for example for review a foreign repository or patch...
CVE-2023-4218
CVE-2023-4218 is an XXE vulnerability in Eclipse IDE