Eclipse Foundation — Vulnerabilities & Security Advisories 91

Browse all 91 CVE security advisories affecting Eclipse Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-3935 | Eclipse Mosquito: Double free vulnerability | mosquitto | CWE-415 | 9.8 (AI) | Critical (AI) | 2024-10-30 |
| CVE-2024-10525 | Eclipse Mosquito: Heap Buffer Overflow in my_subscribe_callback | mosquitto | CWE-122 | 9.8 | - | 2024-10-30 |
| CVE-2024-8184 | Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks | Jetty | CWE-400 | 5.9 | Medium | 2024-10-14 |
| CVE-2024-6762 | Jetty PushSessionCacheFilter can cause remote DoS attacks | Jetty | CWE-400 | 3.1 | Low | 2024-10-14 |
| CVE-2024-6763 | Jetty URI parsing of invalid authority | Jetty | CWE-1286 | 3.7 | Low | 2024-10-14 |
| CVE-2024-9823 | Jetty DOS vulnerability on DosFilter | Jetty | CWE-400 | 5.3 | Medium | 2024-10-14 |
| CVE-2024-8376 | Memory leak | Mosquitto | CWE-401 | 9.1 | - | 2024-10-11 |
| CVE-2024-9329 | Glassfish redirect to untrusted site | Glassfish | CWE-233 | 6.1 | - | 2024-09-30 |
| CVE-2024-9202 | EDC DataSetResolver policy filtering missing | Eclipse Dataspace Components | CWE-862 | 4.3 (AI) | Medium (AI) | 2024-09-27 |
| CVE-2024-8642 | Eclipse EDC: Consumer pull transfer token validation checks not applied | Eclipse EDC Connector | CWE-303 | 7.5 (AI) | High (AI) | 2024-09-11 |
| CVE-2024-8646 | Eclipse Glassfish: URL redirection vulnerability to untrusted sites | Eclipse Glassfish | CWE-601 | 6.1 | Medium | 2024-09-11 |
| CVE-2024-8391 | Eclipse Vert.x gRPC server does not limit the maximum message size | Eclipse Vert.x | CWE-770 | - | - (AI) | 2024-09-04 |
| CVE-2023-7272 | Eclipse Parsson stack overflow with deeply nested objects | Parsson | CWE-787 | 8.6 | High | 2024-07-17 |
| CVE-2024-3933 | Eclipse Open J9 With -Xgc:concurrentScavenge on IBM Z, could write/read outside of a buffer | Open J9 | CWE-805 | 5.3 | Medium | 2024-05-27 |
| CVE-2024-5165 | Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input | Eclipse Ditto | CWE-79 | 6.5 | Medium | 2024-05-23 |
| CVE-2024-4536 | Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability | EDC | CWE-201 | 6.8 | Medium | 2024-05-07 |
| CVE-2024-0740 | Eclipse Target Management <= 4.5.500 Command Injection | Eclipse Target Management | CWE-78 | 9.8 | Critical | 2024-04-26 |
| CVE-2024-3046 | Eclipse Kura security vulnerability | Kura | CWE-303 | 7.5 | High | 2024-04-09 |
| CVE-2024-2212 | Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet() | ThreadX | CWE-122 | 7.3 | High | 2024-03-26 |
| CVE-2024-2214 | Missing array size check in _Mtxinit() in the Xtensa port | ThreadX | CWE-129 | 7.0 | High | 2024-03-26 |
| CVE-2024-2452 | Integer wraparound, under-allocation, and heap buffer overflow in Eclipse ThreadX NetX Duo __portable_aligned_alloc() | ThreadX | CWE-120 | 7.0 | High | 2024-03-26 |
| CVE-2023-6194 | Eclipse Memory Analyzer code issue vulnerability | Eclipse Memory Analyzer (tools.mat) | CWE-611 | 2.8 | Low | 2023-12-11 |
| CVE-2023-5676 | Eclipse OpenJ9 possible infinite busy hang | OpenJ9 | CWE-364 | 4.1 | Medium | 2023-11-15 |
| CVE-2023-4218 | XXE in eclipse.platform / Eclipse IDE | Eclipse IDE | CWE-611 | 5.0 | Medium | 2023-11-09 |
| CVE-2023-4043 | Parsson DoS when parsing numbers from untrusted sources | Parsson | CWE-20 | 5.9 | Medium | 2023-11-03 |
| CVE-2023-5763 | Glassfish remote code execution | Glassfish | CWE-913 | 6.8 | Medium | 2023-11-03 |
| CVE-2023-4760 | Remote Code Execution in Eclipse RAP on Windows | Eclipse RAP | CWE-22 | 7.6 | High | 2023-09-21 |
| CVE-2023-4759 | Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write | Eclipse JGit | CWE-59 | 8.8 | High | 2023-09-12 |
| CVE-2023-2597 | Eclipse OpenJ9 buffer error vulnerability | Eclipse OpenJ9 | CWE-120 | 7.0 | High | 2023-05-22 |
| CVE-2017-7649 | Eclipse Kura security vulnerability | Eclipse Kura Installer | | 8.1 | - | 2017-09-11 |

This page lists every published CVE security advisory associated with Eclipse Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.