Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Eclipse Subscribe
Total 245 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-5045 2 Debian, Eclipse 2 Debian Linux, Jetty 2024-11-21 5.0 MEDIUM 7.5 HIGH
Dump Servlet information leak in jetty before 6.1.22.
CVE-2024-8376 1 Eclipse 1 Mosquitto 2024-11-15 N/A 7.5 HIGH
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
CVE-2024-8642 1 Eclipse 1 Eclipse Dataspace Components 2024-09-19 N/A 8.1 HIGH
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module "transfer-data-plane". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed.
CVE-2024-8646 1 Eclipse 1 Glassfish 2024-09-18 N/A 6.1 MEDIUM
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').
CVE-2024-8391 1 Eclipse 1 Vert.x 2024-09-12 N/A 7.5 HIGH
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).  This is fixed in the 4.5.10 version.  Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)