Skip to main content
Log in
Manage Cookies
Download
Projects
Working Groups
Members
Community
Marketplace
Events
Planet Eclipse
Newsletter
Videos
Blogs
Participate
Report a Bug
Forums
Mailing Lists
Wiki
IRC
Research
Eclipse IDE
Download
Learn More
Documentation
Getting Started / Support
How to Contribute
IDE and Tools
Newcomer Forum
More
Community
Marketplace
Events
Planet Eclipse
Newsletter
Videos
Blogs
Participate
Report a Bug
Forums
Mailing Lists
Wiki
IRC
Research
Eclipse IDE
Download
Learn More
Documentation
Getting Started / Support
How to Contribute
IDE and Tools
Newcomer Forum
Toggle navigation
Breadcrumbs
Home
Security
Known Eclipse Security Vulnerabilit...
Known Eclipse Security Vulnerabilities
317055
Platform: [Webapp][Security] URLEncode url requests from local users
319344
Platform: [Webapp][Security] Phishing on help application
320547
Platform: [Webapp][Security] Misuse of /topic/file
320548
Platform: [Webapp][Security] Ability to read files not in bundles
320967
Platform: [Test][Security] Tests for security related bugs
325902
Equinox: [launcher] Windows LoadLibrary search cwd DLL exploit
328795
Equinox: [Webapp] Possible security issue with JSP code exposure.
328975
Equinox: [Webapp] Possible security issue with JSP code exposure.
329193
Equinox: [Webapp] Possible security issue with JSP code exposure.
329582
Platform: [Webapp][Security] Eclipse Help Server XSS
330026
Platform: [Webapp][Security] Fix for Eclipse 3.6.2 Eclipse Help Server XSS
333959
Virgo: cross-site scripting vulnerability
336767
BIRT: Security Issue in BIRT Viewer
361316
Jetty: DoS attack from similar hash values
367533
Community: Reset Password allows to hijack accounts for SSH access (and other options)
367638
Jetty: Denial of Service attack ocert-2011-003 / CVE-2011-4461
378977
Equinox: [Webapp] Possible security issue with JSP code exposure. - backport to 3.5.2+
378979
Equinox: [Webapp] Possible security issue with JSP code exposure. backport for 3.4.2+
390491
Equinox: [Webapp] Possible security issue with JSP code exposure.
395246
Gemini.Web: Access to forbidden directories can be granted
421097
Community: Open redirect
421700
Community: Reflected XSS - https://dev.eclipse.org/portal/myfoundation/tests/explore.php
421726
Community: [Security] SQL injection in http://www.eclipse.org/membership/scripts/get_image.php
421759
Community: [security] SQL injection in [http://eclipse.org/membership/showMember.php] By Shahmeer Amir and Rafay Baloch
421875
Community: Vulnerabilities on http://www.eclipse.org/
424827
Community: Potential XSS vulnerability on /downloads page.
427830
Community: XSS vulnerability on www.eclipse.org
428032
Community: Multiple XSS on site_login
429494
Community: https://bugs.eclipse.org/bugs/ is vulnerable to CVE-2009-3555
435095
Data Tools: HIPP jobs are SSHing to build.eclipse.org and storing passwords in config files
438006
ECF: [XMPP] Update to Smack 4
438901
Platform: Style PASSWORD | READ_ONLY without BORDER displays plain text password
443883
Community: [site_login] Password change should invalidate all active sessions
458571
WTP Source Editing: XXE in DTD Parser/Validator (
CVE-2019-17637
)
463809
EMFStore: [Security] addInitialParticipant remote method allows privilege escalation
474575
Community: The website may allow automated account creation.
510249
Kura: Eclipse Kura uses a vulnerable version of Apache Commons Fileupload
513268
Community: Open Redirection vulnerability in wiki.eclipse.org
516765
Community: CVE-2017-7650: Eclipse Mosquitto ACL security issue (
CVE-2017-7650
)
526392
Platform: JSP source is shown if extension is not matching exactly (case-sensitive)
529754
Community: Mosquitto Server Shutdown Attack (
CVE-2017-7651
)
530102
Community: Reloading Mosquitto configuration may fail if no file descriptors are available (
CVE-2017-7652
)
530629
Community: Security vulnerability found in OpenJ9 project (
CVE-2018-1417
)
532113
Community: CVE-2017-7653: Eclipse Mosquitto does not validate topic strings (
CVE-2017-7653
)
533493
Community: CVE-2017-7654: Mosquitto Broker DoS through a Memory Leak vulnerability (
CVE-2017-7654
)
533775
Community: CVE-2017-7655: Potential NULL Dereference vulnerability in Mosquitto Library (
CVE-2017-7655
)
534108
Community: The site marketplace.eclipse.org only supports TLS 1.0 security
534589
Community: OpenJ9 Vulnerabilities (
CVE-2018-12539
)
535667
Community: Jetty: CVE Request: HTTP/0.9 Request Smuggling (
CVE-2017-7656
)
536018
Community: Jetty: CVE Request: FileBasedSessionStore Session Stealing (
CVE-2018-12538
)
536038
Community: CVE-2018-12537: vert.x: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (
CVE-2018-12537
)
539170
Community: WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake (
CVE-2018-12541
)
539171
Community: The StaticHandler does not properly neutralize forward slashes (
CVE-2018-12542
)
539295
Community: Remote crash in Mosquitto 1.5 to 1.5.2 (
CVE-2018-12543
)
539568
Community: The OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks (
CVE-2018-12544
)
540550
Community: Password change should invalidate all user sessions
541870
Community: mosquitto: An empty ACL file grant all permissions to clients (
CVE-2018-12550
)
543127
Community: Access Control Violation via Retained Message in Eclipse Mosquitto (
CVE-2018-12546
)
543401
Community: Blank username allows Mosquitto Security Bypass (
CVE-2018-12551
)
543792
Community: OpenJ9 OpenSSL natives are public (
CVE-2018-12548
)
544019
Community: OpenJ9 may fail to null check the receiver of an unsafe call (
CVE-2018-12549
)
544819
Community: DTLS server - buffer overflow leading to crash (dtls_create_cookie)
544824
Community: DTLS server - buffer overflow leading to crash (dtls_update_parameters)
545588
openj9: Crash on unverifiable bytecode (
CVE-2019-10245
)
546053
Community: Eclipse hawkBit: New CVE Request (
CVE-2019-10240
)
546121
Community: Jetty CVE Request: DefaultServlet / ResourceHandler XSS (
CVE-2019-10241
)
546576
Community: Jetty CVE Request: Information Reveal - Windows Directory Listings (
CVE-2019-10246
)
546577
Community: Jetty CVE Request: Information Reveal - DefaultHandler (
CVE-2019-10247
)
546622
Community: Eclipse Vorto: New CVE Request (
CVE-2019-10248
)
546816
BIRT: Reflected XSS vulnerability in the __format URL parameter (
CVE-2019-11776
)
546996
Community: Eclipse Xtext/Xtend: New CVE Request (
CVE-2019-10249
)
547734
Community: Eclipse Buildship: New CVE Request (
CVE-2019-11770
)
549191
OMR: RPATHs on AIX (
CVE-2019-11773
)
549192
OMR: Loop Versioner (
CVE-2019-11774
)
549601
openj9: Loop Versioner (
CVE-2019-11775
)
549934
Paho: Request for CVE in known hostname validation vulnerability in the MQTT library (
CVE-2019-11777
)
551423
Community: repo.locationtech.org Only Supports TLS 1.1 Which is Unsecure
551596
Che: Remote Code Execution Vulnerability in Web Interface (
CVE-2019-17633
)
551680
Platform: [Webapp][Security] XSS in query param of webapp war file
551747
Community: Arbitrary File Read Abusing The `mini-browser` Extension (
CVE-2019-17636
)
552129
openj9: Dump creation (
CVE-2019-17631
)
552542
Community: XSS in Memory Analyzer plugin for Eclipse (
CVE-2019-17634
)
553067
RAP: Accidental XSS possible with HTML MARKUP_ENABLED in RAP
563998
openj9: Undefined return value (
CVE-2019-17639
)
565671
Community: Mosquitto Windows Service Unquoted Path vulnerability
Back to the top
