CVE-2019-10243
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying UI web server version in its replies. This can be used as a hint by an attacker to craft attacks specifically against the web server run by Kura...
CVE-2019-10240
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin-based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence the build artifacts produced by hawkBit might be infected...
CVE-2019-17636
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes an HTTP endpoint that allows reading the content of files on the host's filesystem, given...
CVE-2019-17634
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross-site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must choose to download and open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump coul...
CVE-2019-10244
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple MQTT component and the emulator position service (not part of the device distribution) could potentially be the target of an XXE attack due to improper factory and parser initialisation...
CVE-2019-10242
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during the servlet call, potentially allowing path traversal in GET requests for a limited number of file types...
SUSE CVE-2025-4447
In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8, a stack-based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts...
GHSA-VRPQ-QP53-QV56 Eclipse JGit XML External Entity (XXE) Vulnerability
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol, which allows git pack files to be stored in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...
ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin (>=8.31.0 <=8.50.0), ch.admin.bit.jeap:jeap-messaging-registry-maven-plugin (>=8.31.0 <=8.50.0) +166 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.2.0.202503040940-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.2.0.202503040940-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin =8.31.0, =8.31.0, =2.59.0,...
ai.pipestream:quarkus-grpc-gatherer-deployment (>=0.1.0 <=0.1.1), ch.admin.bit.jeap:jeap-archrepo-importer-messagetype (>=1.10.0 <=1.23.0) +181 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.1.0.202411261347-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.1.0.202411261347-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ai.pipestream:quarkus-grpc-gatherer-deployment =0.1.0, =1.10.0, =1.10.0,...
au.com.versent.jenkins.plugins:ignore-committer-strategy (=29.v7c3891a_434c3), ch.admin.bit.jeap:jeap-message-contract-domain (>=3.26.0 <=3.33.0) +709 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (>=6.0.0.202111291000-r <=6.10.0.202406032230-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =6.0.0.202111291000-r, =3.26.0, =3.26.0, =3.26.0, =3.26.0, =3.26.0, =8.15.0, =8.15.0, =1.5.0, =1.15.2 - com.a65apps.changelog:com.a65apps.changelog.gradle.plugin =1.1.10 - com.a65apps.changelog:plugin =1.1.10 -...
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the ManifestParser and AmazonS3 classes, which use a SAXParser to parse XML files without properly configuring it to disable external entity processing. An attacker can access sensitive information o...
au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), ch.admin.bit.jeap:jeap-initializer (>=2.6.0 <=4.0.0) +224 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.0.0.202409031743-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.0.0.202409031743-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - au.com.versent.jenkins.plugins:ignore-committer-strategy =37.v0d3157c4aef8,...
CVE-2025-4949
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol, which allows git pack files to be stored in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...
DEBIAN-CVE-2025-4949
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol, which allows git pack files to be stored in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...