Vulnerabilities in Eclipse Foundation
104 results

CVE-2025-1007 | MEDIUM | Improper Authorization in /user/namespace/{namespace}/details | EPSS 0.5%
CVE-2025-55089 | CRITICAL | Eclipse ThreadX FileX RAM disk driver buffer overflow | EPSS 0.5%
CVE-2025-11965 | MEDIUM | In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to | EPSS 0.5%
CVE-2024-13009 | HIGH | Eclipse Jetty GZIP buffer release | EPSS 0.4%
CVE-2023-2597 | HIGH | In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size o | EPSS 0.4%
CVE-2024-10917 | LOW | Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength | EPSS 0.4%
CVE-2025-55087 | MEDIUM | In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a | EPSS 0.4%
CVE-2024-4536 | MEDIUM | Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability | EPSS 0.4%
CVE-2024-8642 | MEDIUM | Eclipse EDC: Consumer pull transfer token validation checks not applied | EPSS 0.4%
CVE-2023-5676 | MEDIUM | Eclipse OpenJ9 possible infinite busy hang | EPSS 0.4%
CVE-2024-9342 | MEDIUM | In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of fa | EPSS 0.4%
CVE-2026-22886 | CRITICAL | OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a defaul | EPSS 0.4%
CVE-2023-4218 | MEDIUM | XXE in eclipse.platform / Eclipse IDE | EPSS 0.4%
CVE-2026-6918 | HIGH | In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message. | EPSS 0.4%
CVE-2026-5795 | HIGH | In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning fro | EPSS 0.4%
CVE-2025-55094 | MEDIUM | Potential out-of-bounds read in _nx_icmpv6_validate_options() | EPSS 0.4%
CVE-2024-9202 | MEDIUM | EDC DataSetResolver policy filtering missing | EPSS 0.4%
CVE-2026-1605 | HIGH | In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with | EPSS 0.4%
CVE-2025-55086 | MEDIUM | In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked ind | EPSS 0.4%
CVE-2024-8646 | MEDIUM | Eclipse Glassfish: URL redirection vulnerability to untrusted sites | EPSS 0.4%