208 matches found

CVE
added 2024/04/26 9:36 a.m. | 72 views

CVE-2024-0740

CVE-2024-0740 affects Eclipse Target Management: Terminal and Remote System Explorer (RSE) versions

9.8 CVSS | 7.8 AI score | 0.09022 EPSS
Exploits 1 | References 2 | Affected Software 1
Veracode
added 2024/04/25 6:20 a.m. | 14 views

Improper Access Control

github.com/ipfs/kubo/ is vulnerable to Improper Access Control. The vulnerability is due to the ability of an attacker to generate ephemeral identities, allowing them to exploit the IPFS connection management reputation system. This enables the attacker to poison other nodes' routing tables,...

7.5 CVSS | 7.5 AI score | 0.00536 EPSS
Exploits 0 | References 3 | Affected Software 2
OpenVAS
added 2024/04/17 12:0 a.m. | 15 views

openSUSE Security Advisory (SUSE-SU-2024:1304-1)

The remote host is missing an update for the...

5 CVSS | 5.6 AI score | 0.00026 EPSS
Exploits 1 | References 4
CVE
added 2024/03/26 3:48 p.m. | 69 views

CVE-2024-2214

CVE-2024-2214 affects Eclipse ThreadX, specifically the Xtensa port. The vulnerability arises from an ineffective array size check in the _Mtxinit() function, leading to a memory overwrite in ports/xtensa/xcc/src/tx_clib_lock.c. It applies to ThreadX versions prior to 6.4.0. The available documen...

7.8 CVSS | 6.9 AI score | 0.00081 EPSS
Exploits 1 | References 3 | Affected Software 1
0day.today
added 2024/03/12 12:0 a.m. | 242 views

OSGi v3.7.2 (and below) Console - Remote Code Execute Exploit

#!/usr/bin/python; Exploit Title: OSGi v3.7.2 Console RCE; Date: 2023-07-28; Exploit Author: Andrzej Olchawa, Milenko Starcik, VisionSpace Technologies GmbH; Exploit Repository: https://github.com/visionspacetec/offsec-osgi-exploits.git; Vendor Homepage: https://eclipse.dev/equinox; Software Link:...

7.4 AI score
Exploits 0
OpenVAS
added 2024/03/08 12:0 a.m. | 20 views

Fedora: Security Advisory for xbean (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

8.8 CVSS | 9.2 AI score | 0.45835 EPSS
Exploits 3 | References 2
OpenVAS
added 2024/03/08 12:0 a.m. | 18 views

Fedora: Security Advisory for aopalliance (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

8.8 CVSS | 9.2 AI score | 0.45835 EPSS
Exploits 3 | References 2
Fedora
added 2024/03/07 10:33 p.m. | 21 views

[SECURITY] Fedora 40 Update: ecj-4.23-9.fc40

ECJ is the Java bytecode compiler of the Eclipse Platform. It is also known as the JDT Core batch compiler...

8.8 CVSS | 9.1 AI score | 0.45835 EPSS
Exploits 3
OpenVAS
added 2024/03/04 12:0 a.m. | 15 views

openSUSE Security Advisory (SUSE-SU-2024:0057-1)

The remote host is missing an update for the...

8.8 CVSS | 8.2 AI score | 0.00974 EPSS
Exploits 0 | References 32
IBM Security Bulletins
added 2024/02/29 9:58 p.m. | 52 views

Security Bulletin: IBM MQ is vulnerable to issues in Eclipse (CVE-2023-4218, CVE-2023-44487)

Summary: IBM MQ has addressed vulnerabilities in Eclipse, which is used in IBM MQ Explorer. Vulnerability Details: CVEID: CVE-2023-4218. DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE)...

7.5 CVSS | 8 AI score | 0.944 EPSS
Exploits 20 | Affected Software 1
CVE
added 2024/02/23 7:0 a.m. | 86 views

CVE-2023-37540

The CVE-2023-37540 entry concerns the Sametime Connect desktop chat client, which includes but does not use or require an Eclipse Secure Storage feature. The underlying issue is the use of an Eclipse feature to store sensitive data, which can lead to exposure of that data (information disclosure)...

3.9 CVSS | 4.3 AI score | 0.0008 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2023/11/30 7:52 p.m. | 33 views

GHSA-J24H-XCPC-9JW8 Eclipse IDE XXE in eclipse.platform

Impact: XML files like ".project" are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file, for example to review a foreign repository or patch. The vulnerability was found by static code analysis (SonarLint)...

5 CVSS | 5.4 AI score | 0.00026 EPSS
Exploits 1 | References 15
Github Security Blog
added 2023/11/30 7:52 p.m. | 27 views

Eclipse IDE XXE in eclipse.platform

Impact: XML files like ".project" are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file, for example to review a foreign repository or patch. The vulnerability was found by static code analysis (SonarLint)...

5 CVSS | 7.3 AI score | 0.00026 EPSS
Exploits 1 | References 15 | Affected Software 8
Veracode
added 2023/11/14 6:25 a.m. | 30 views

XML External Entity (XXE)

org.eclipse.jdt and org.eclipse.platform are vulnerable to XML External Entity (XXE). The vulnerability exists because the library does not disable access to external entities by default. This allows an attacker to inject malicious XML documents into an Eclipse project, potentially leading to...

5 CVSS | 6.6 AI score | 0.00026 EPSS
Exploits 1 | References 13 | Affected Software 10
NVD
added 2023/11/09 9:15 a.m. | 28 views

CVE-2023-4218

In Eclipse IDE versions 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file, for example to review a foreign repository or patch...

5 CVSS | 0.00026 EPSS
Exploits 1 | References 11
UbuntuCve
added 2023/11/09 9:15 a.m. | 53 views

CVE-2023-4218

In Eclipse IDE versions 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file, for example to review a foreign repository or patch...

5 CVSS | 6.6 AI score | 0.00026 EPSS
Exploits 1 | References 12
OSV
added 2023/11/09 9:15 a.m. | 1 views

UBUNTU-CVE-2023-4218

In Eclipse IDE versions 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file, for example to review a foreign repository or patch...

5 CVSS | 7.1 AI score | 0.00026 EPSS
Exploits 1 | References 13
Vulnrichment
added 2023/11/09 8:26 a.m. | 20 views

CVE-2023-4218 XXE in eclipse.platform / Eclipse IDE

In Eclipse IDE versions 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file, for example to review a foreign repository or patch...

5 CVSS | 7 AI score | 0.00026 EPSS
Exploits 1 | References 11
Vulnrichment
added 2023/11/03 8:11 a.m. | 18 views

CVE-2023-4043 Parsson DoS when parsing numbers from untrusted sources

In Eclipse Parsson before versions 1.1.4 and 1.0.5, parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processi...

5.9 CVSS | 7.1 AI score | 0.0015 EPSS
Exploits 1 | References 2
Cvelist
added 2023/11/03 8:11 a.m. | 17 views

CVE-2023-4043 Parsson DoS when parsing numbers from untrusted sources

In Eclipse Parsson before versions 1.1.4 and 1.0.5, parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processi...

5.9 CVSS | 7.7 AI score | 0.0015 EPSS
Exploits 1 | References 2