  • 317055 Platform: [Webapp][Security] URLEncode url requests from local users (3.6.1)
  • 319344 Platform: [Webapp][Security] Phishing on help application (3.6.1)
  • 320547 Platform: [Webapp][Security] Misuse of /topic/file (3.6.1)
  • 320548 Platform: [Webapp][Security] Ability to read files not in bundles (3.6.1)
  • 320967 Platform: [Test][Security] Tests for security related bugs (3.7 M6)
  • 325902 Equinox: [launcher] Windows LoadLibrary search cwd DLL exploit (3.6.2)
  • 328795 Equinox: [Webapp] Possible security issue with JSP code exposure. (3.7 M4)
  • 328975 Equinox: [Webapp] Possible security issue with JSP code exposure. (3.6.2)
  • 329193 Equinox: [Webapp] Possible security issue with JSP code exposure. (3.6.2)
  • 329582 Platform: [Webapp][Security] Eclipse Help Server XSS (3.7 M4)
  • 330026 Platform: [Webapp][Security] Fix for Eclipse 3.6.2 Eclipse Help Server XSS (3.6.2)
  • 333959 Virgo: cross-site scripting vulnerability (3.0.0.RELEASE)
  • 336767 BIRT: Security Issue in BIRT Viewer (2.6.2)
  • 361316 Jetty: DoS attack from similar hash values (7.5.x)
  • 367533 Community: Reset Password allows to hijack accounts for SSH access (and other options) (---)
  • 367638 Jetty: Denial of Service attack ocert-2011-003 / CVE-2011-4461 (7.5.x)
  • 378977 Equinox: [Webapp] Possible security issue with JSP code exposure. - backport to 3.5.2+ (3.5.2+)
  • 378979 Equinox: [Webapp] Possible security issue with JSP code exposure. backport for 3.4.2+ (3.4.2+)
  • 390491 Equinox: [Webapp] Possible security issue with JSP code exposure. (3.4.2+)
  • 395246 Gemini.Web: Access to forbidden directories can be granted (2.2.0.M03)
  • 421097 Community: Open redirect (---)
  • 421700 Community: Reflected XSS - https://dev.eclipse.org/portal/myfoundation/tests/explore.php (---)
  • 421726 Community: [Security] SQL injection in http://www.eclipse.org/membership/scripts/get_image.php (---)
  • 421759 Community: [security] SQL injection in [http://eclipse.org/membership/showMember.php] By Shahmeer Amir and Rafay Baloch (---)
  • 421875 Community: Vulnerabilities on http://www.eclipse.org/ (---)
  • 424827 Community: Potential XSS vulnerability on /downloads page. (---)
  • 427830 Community: XSS vulnerability on www.eclipse.org (---)
  • 428032 Community: Multiple XSS on site_login (---)
  • 429494 Community: https://bugs.eclipse.org/bugs/ is vulnerable to CVE-2009-3555 (---)
  • 435095 Data Tools: HIPP jobs are SSHing to build.eclipse.org and storing passwords in config files (---)
  • 438006 ECF: [XMPP] Update to Smack 4 (---)
  • 438901 Platform: Style PASSWORD | READ_ONLY without BORDER displays plain text password (4.4.1)
  • 443883 Community: [site_login] Password change should invalidate all active sessions (---)
  • 463809 EMFStore: [Security] addInitialParticipant remote method allows privilege escalation (1.4.3)
  • 474575 Community: The website may allow automated account creation. (---)
  • 510249 Kura: Eclipse Kura uses a vulnerable version of Apache Commons Fileupload (---)
  • 513268 Community: Open Redirection vulnerability in wiki.eclipse.org (---)
  • 516765 Community: CVE-2017-7650: Eclipse Mosquitto ACL security issue (---)
  • 529754 Community: Mosquitto Server Shutdown Attack (---)
  • 530102 Community: Reloading Mosquitto configuration may fail if no file descriptors are available (---)
  • 530629 Community: Security vulnerability found in OpenJ9 project (---)
  • 532113 Community: CVE-2017-7653: Eclipse Mosquitto does not validate topic strings (---)
  • 533493 Community: CVE-2017-7654: Mosquitto Broker DoS through a Memory Leak vulnerability (---)
  • 533775 Community: CVE-2017-7655: Potential NULL Dereference vulnerability in Mosquitto Library (---)
  • 534108 Community: The site marketplace.eclipse.org only supports TLS 1.0 security (---)
  • 534589 Community: OpenJ9 Vulnerabilities (---)
  • 535667 Community: Jetty: CVE Request: HTTP/0.9 Request Smuggling (---)
  • 536018 Community: Jetty: CVE Request: FileBasedSessionStore Session Stealing (---)
  • 536038 Community: CVE-2018-12537: vert.x: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (---)
  • 539170 Community: WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake (---)
  • 539171 Community: The StaticHandler does not properly neutralize forward slashes (---)
  • 539295 Community: Remote crash in Mosquitto 1.5 to 1.5.2 (---)
  • 539568 Community: The OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks (---)
  • 540550 Community: Password change should invalidate all user sessions (---)
  • 541870 Community: mosquitto: An empty ACL file grant all permissions to clients (---)
  • 543127 Community: Access Control Violation via Retained Message in Eclipse Mosquitto (---)
  • 543401 Community: Blank username allows Mosquitto Security Bypass (---)
  • 543792 Community: OpenJ9 OpenSSL natives are public (---)
  • 544019 Community: OpenJ9 may fail to null check the receiver of an unsafe call (---)
  • 544819 Community: DTLS server - buffer overflow leading to crash (dtls_create_cookie) (---)
  • 544824 Community: DTLS server - buffer overflow leading to crash (dtls_update_parameters) (---)
  • 545588 openj9: Crash on unverifiable bytecode (---)
  • 546053 Community: Eclipse hawkBit: New CVE Request (---)
  • 546121 Community: Jetty CVE Request: DefaultServlet / ResourceHandler XSS (---)
  • 546576 Community: Jetty CVE Request: Information Reveal - Windows Directory Listings (---)
  • 546577 Community: Jetty CVE Request: Information Reveal - DefaultHandler (---)
  • 546622 Community: Eclipse Vorto: New CVE Request (---)
  • 546816 BIRT: Reflected XSS vulnerability in the __format URL parameter (---)
  • 546996 Community: Eclipse Xtext/Xtend: New CVE Request (---)
  • 549191 OMR: RPATHs on AIX (---)
  • 549192 OMR: Loop Versioner (---)
  • 549601 openj9: Loop Versioner (---)
  • 549934 Paho: Request for CVE in known hostname validation vulnerability in the MQTT library (1.2)
