Vulnerabilities in The Eclipse Foundation

101 results
CVE-2021-28162
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.
EPSS 0.8%

CVE-2019-11778
If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay inte
EPSS 0.8%

CVE-2023-0100
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HT
EPSS 0.7%

CVE-2021-41037 (CRITICAL)
In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installati
EPSS 0.7%

CVE-2021-41038
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
EPSS 0.7%

CVE-2021-28161
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be inj
EPSS 0.7%

CVE-2019-11774
Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop
EPSS 0.7%

CVE-2019-10249
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been c
EPSS 0.6%

CVE-2021-34435
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the
EPSS 0.6%

CVE-2022-3676 (MEDIUM)
In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of t
EPSS 0.6%

CVE-2019-17636
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/min
EPSS 0.6%

CVE-2022-2576
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter
EPSS 0.5%

CVE-2018-12539
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM
EPSS 0.5%

CVE-2022-2838
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities all
EPSS 0.5%

CVE-2019-10240
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these de
EPSS 0.4%

CVE-2019-10248
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent
EPSS 0.4%

CVE-2019-11771
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
EPSS 0.4%

CVE-2021-41034
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence
EPSS 0.4%

CVE-2019-11773
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
EPSS 0.4%

CVE-2021-34433
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally su
EPSS 0.3%