CVE-2022-36601
The CVE-2022-36601 issue affects JasMiner-X4-Server versions 20220621-090907 and earlier. The Eclipse TCF debug interface is open on port 1534, allowing unauthenticated attackers to gain root privileges and access sensitive data or execute arbitrary commands. There is no publicly disclosed exploi...
CVE-2022-2576
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other peer...
CVE-2022-2576
In Eclipse Californium, CVE-2022-2576 affects versions 2.0.0–2.7.2 and 3.0.0–3.5.0. The DTLS resumption handshake can fall back to a full DTLS handshake on parameter mismatch without a HelloVerifyRequest, which, when used with certificate-based cipher suites, enables message amplification that ca...
Backdoor.Win32.Eclipse.h MVID-2022-0625 Hardcoded Credential
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/8b470931114527b4dce42034a95ebf46.txt Media: twitter.com/malvuln Threat: Backdoor.Win32.Eclipse.h Vulnerability: Weak Hardcoded Credentials Family: Eclipse Type:...
MAL-2022-2659 Malicious code in eclipse-typescript (npm)
Source: ghsa-malware 5bf751fbca5018142912182836517f51e4336ddd8be19c986cac4528f5471be4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Spring Tools 4.15.1 released
Dear Spring Community, I am happy to announce the 4.15.1 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia. fixes and improvements Spring Boot fixed: VScode incorrectly suggests removing @Autowired annotation from methods 787 Spring Boot fixed: VScode quick fix should not...
Design/Logic Flaw
SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x...
CVE-2022-29615
SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x...
CVE-2021-38441
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser...
CVE-2021-38443 Eclipse CycloneDDS Improper Handling of Syntactically Invalid Structure
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser...
CVE-2021-38443
Summary: CVE-2021-38443 affects Eclipse CycloneDDS; versions prior to 0.8.0 improperly handle invalid structures in the XML parser, which may allow an attacker to write arbitrary values. The issue is supported by multiple sources in Connected documents and is reflected in NVD and vendor advisorie...
IBM Java 8.0 < 8.0.6.0
The version of IBM Java installed on the remote host is prior to 8.0 8.0.6.0. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update November 2019 advisory. - From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a...
JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods
In Eclipse OpenJ9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods...
Mageia: Security Advisory (MGASA-2021-0591)
The remote host is missing an update for the...
GHSA-W6V7-W58J-PG5R Improper Verification of Communication Channel in @theia/plugin-ext
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...
Security Bulletin: IBM MQ is vulnerable to an issue in Eclipse (CVE-2020-27225)
Summary An issue was identified in Eclipse that IBM MQ uses within IBM MQ Explorer. Vulnerability Details CVEID: CVE-2020-27225 DESCRIPTION: Eclipse could allow a local attacker to execute arbitrary commands on the system, caused by the failure to authenticate active help requests to the local he...
Security Bulletin: IBM SDK, Java Tech Edition Quarterly CPU Jul 2021 - Includes Oracle Jul 2021 CPU (minus CVE-2021-2341)
Summary This Security Bulletin provides steps for updating Java for IBM DataQuant. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system. CVSS Base score: 7....
CVE-2021-41033
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by...
Code injection
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by...
CVE-2021-41033
CVE-2021-41033 affects Eclipse Equinox. All released versions up to 4.21 (Sept 2021) are vulnerable to a MITM attack when using HTTP p2 repositories; an attacker could deliver malicious p2 metadata to alter the local installation and potentially execute code via installed plug-ins. Connected sour...