Filtered by vendor Eclipse
Total: 265 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55083 | 1 Eclipse | 1 Threadx Netx Duo | 2026-06-17 | N/A | 5.3 MEDIUM |
| In NetX Duo before version 6.4.4, a component of Eclipse Foundation ThreadX, an incorrect bounds check resulted in an off-by-two out-of-bounds read. | |||||
| CVE-2025-55082 | 1 Eclipse | 1 Threadx Netx Duo | 2026-06-17 | N/A | 5.3 MEDIUM |
| In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message. | |||||
| CVE-2025-55081 | 1 Eclipse | 1 Threadx Netx Duo | 2026-06-17 | N/A | 9.1 CRITICAL |
| In Eclipse Foundation NetX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message fields: the ciphersuite length and compression method length. An attacker-crafted message with values outside of the expected range could cause an out-of-bounds read. | |||||
| CVE-2025-55080 | 1 Eclipse | 1 Threadx | 2026-06-17 | N/A | 7.1 HIGH |
| In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary memory read/write. | |||||
| CVE-2025-55079 | 1 Eclipse | 1 Threadx | 2026-06-17 | N/A | 5.5 MEDIUM |
| In Eclipse ThreadX before version 6.4.3, the thread module has a maximum priority setting. In some cases the check against that maximum priority wasn't performed; as a result, a thread could obtain a higher priority than expected, causing a possible denial of service. | |||||
| CVE-2025-55078 | 1 Eclipse | 1 Threadx | 2026-06-17 | N/A | 5.5 MEDIUM |
| In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer is outside the module memory region. | |||||
| CVE-2025-4949 | 1 Eclipse | 1 Jgit | 2026-06-17 | N/A | 5.3 MEDIUM |
| In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol, which allows storing git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues. | |||||
| CVE-2025-4447 | 1 Eclipse | 1 Openj9 | 2026-06-17 | N/A | 7.8 HIGH |
| In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts. | |||||
| CVE-2025-2260 | 1 Eclipse | 1 Threadx Netx Duo | 2026-06-17 | N/A | 7.5 HIGH |
| In the NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service with specially crafted packets. The core issue is that a file is not closed when an error condition occurs, resulting in a 404 error for each further file request. Users can work around the issue by disabling PUT request support. This issue follows an incomplete fix of CVE-2025-0726. | |||||
| CVE-2025-2259 | 1 Eclipse | 1 Threadx Netx Duo | 2026-06-17 | N/A | 7.5 HIGH |
| In the NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, using specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix of CVE-2025-0727. | |||||
| CVE-2025-2258 | 1 Eclipse | 1 Threadx Netx Duo | 2026-06-17 | N/A | 7.5 HIGH |
| In the HTTP server functionality of the NetX Duo component of Eclipse ThreadX before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, using specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix of CVE-2025-0728. | |||||
| CVE-2025-1948 | 1 Eclipse | 1 Jetty | 2026-06-17 | N/A | 7.5 HIGH |
| In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting. | |||||
| CVE-2025-1471 | 1 Eclipse | 1 Omr | 2026-06-17 | N/A | 7.8 HIGH |
| In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows. | |||||
| CVE-2025-1470 | 1 Eclipse | 1 Omr | 2026-06-17 | N/A | 5.5 MEDIUM |
| In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly. | |||||
| CVE-2025-1007 | 1 Eclipse | 1 Open Vsx | 2026-06-17 | N/A | 5.3 MEDIUM |
| In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in /user/namespace/{namespace}/details/logo and allowed a user to change the logo. | |||||
| CVE-2025-14549 | 1 Eclipse | 1 Omr | 2026-06-17 | N/A | 8.1 HIGH |
| In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) characters during the Latin-compatible charset (UTF-8, ISO8859-1, ASCII, etc) to IBM-1047/037 translation sequence. This can cause the output byte array to be truncated, discarding the first NUL byte and all subsequent characters, and thereby exposing a possible buffer over-read problem. This issue is fixed in Eclipse OMR version 0.8.0. | |||||
| CVE-2025-12383 | 1 Eclipse | 1 Jersey | 2026-06-17 | N/A | 7.4 HIGH |
| In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause critical SSL configurations, such as mutual authentication, custom key/trust stores, and other security settings, to be ignored. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC). | |||||
| CVE-2025-11966 | 1 Eclipse | 1 Vert.x | 2026-06-17 | N/A | 6.4 MEDIUM |
| In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing malicious script or HTML content, leading to stored cross-site scripting (XSS) that executes in the context of users viewing the affected directory listing. | |||||
| CVE-2025-11965 | 1 Eclipse | 1 Vert.x | 2026-06-17 | N/A | 7.5 HIGH |
| In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config'). | |||||
| CVE-2025-11143 | 1 Eclipse | 1 Jetty | 2026-06-17 | N/A | 3.7 LOW |
| The Jetty URI parser has some key differences from other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in a security bypass. For example, a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details. | |||||
