Tue Sep 5 2023 17:12:45 EDT
198 bugs found.
ID Sev Pri Reporter Assignee Status Resolution Summary Changed
223539 nor P3 puhley platform-ua-inbox CLOS WONT [Webapp][Security] Vulnerability discovered in Eclipse. 2019-11-14
317055 cri P3 rwatts platform-ua-inbox VERI FIXE [Webapp][Security] URLEncode url requests from local users 2011-06-10
319344 maj P3 beqq cgold VERI FIXE [Webapp][Security] Phishing on help application 2011-06-10
320424 nor P3 cgold cgold RESO INVA [Webapp][Security] More vulnerabilities based on the topic parameter 2011-06-10
320547 nor P3 cgold cgold VERI FIXE [Webapp][Security] Misuse of /topic/file 2011-06-10
320548 nor P3 cgold cgold VERI FIXE [Webapp][Security] Ability to read files not in bundles 2011-06-10
320967 nor P3 cgold cgold RESO FIXE [Test][Security] Tests for security related bugs 2011-06-10
323511 nor P3 gal.alex equinox.framework-inbox CLOS DUPL launcher starts wrong application 2012-03-22
325902 nor P3 aniefer equinox.launcher-inbox RESO FIXE [launcher] Windows LoadLibrary search cwd DLL exploit 2011-06-10
328795 maj P3 gregw tjwatson RESO FIXE [Webapp] Possible security issue with JSP code exposure. 2012-09-05
328975 maj P3 tjwatson tjwatson RESO FIXE [Webapp] Possible security issue with JSP code exposure. 2013-12-20
329193 maj P3 tjwatson equinox.server-side-inbox RESO FIXE [Webapp] Possible security issue with JSP code exposure. 2012-09-26
329582 maj P3 ec cgold RESO FIXE [Webapp][Security] Eclipse Help Server XSS 2011-09-29
330026 maj P3 cgold cgold RESO FIXE [Webapp][Security] Fix for Eclipse 3.6.2 Eclipse Help Server XSS 2011-06-10
332980 nor P3 aniefer equinox.launcher-inbox RESO WONT win32 java.library.path problems 2019-05-14
333959 nor P3 eclipse milesg78 CLOS FIXE cross-site scripting vulnerability 2012-01-16
336767 nor P3 jasonweathersby zqian VERI FIXE Security Issue in BIRT Viewer 2014-03-19
337878 maj P3 bsh666 david.a.jencks RESO WORK Jetty security handler fails to restrict GET method when handling servlets 2011-04-08
361316 cri P3 gregw janb CLOS FIXE DoS attack from similar hash values 2012-03-22
367533 maj P2 gunnar phoenix.ui-inbox RESO FIXE Reset Password allows to hijack accounts for SSH access (and other options) 2012-03-22
367638 cri P3 gregw boulay RESO FIXE Denial of Service attack ocert-2011-003 / CVE-2011-4461 2012-03-05
378977 maj P3 stephen.francisco tjwatson RESO FIXE [Webapp] Possible security issue with JSP code exposure. - backport to 3.5.2+ 2012-05-09
378979 maj P3 stephen.francisco tjwatson RESO FIXE [Webapp] Possible security issue with JSP code exposure. backport for 3.4.2+ 2012-09-26
390491 maj P3 tjwatson tjwatson RESO FIXE [Webapp] Possible security issue with JSP code exposure. 2012-09-27
395246 cri P3 milesg78 milesg78 CLOS FIXE Access to forbidden directories can be granted 2013-01-02
409439 maj P3 bill.thrall Birt-ReportEngine-inbox NEW --- Security Vulnarabilities in BIRT 4.2.2 2020-01-10
410861 nor P3 lamujuri winston.prakash NEW --- LDAP: Server field validation error appears in multiple LDAP fields 2016-06-14
421097 maj P3 gurjant31 chris.guindon CLOS FIXE Open redirect 2015-05-25
421700 maj P3 jamiesonoreilly portal-inbox RESO FIXE Reflected XSS - https://dev.eclipse.org/portal/myfoundation/tests/explore.php 2013-11-14
421726 cri P3 denis.roy phoenix.ui-inbox RESO FIXE [Security] SQL injection in http://www.eclipse.org/membership/scripts/get_image.php 2013-11-14
421759 cri P3 shahmeerbond phoenix.ui-inbox RESO FIXE [security] SQL injection in [http://eclipse.org/membership/showMember.php] By Shahmeer Amir and Rafay Baloch 2013-11-14
421875 maj P3 michaelvedel phoenix.ui-inbox RESO FIXE Vulnerabilities on http://www.eclipse.org/ 2013-11-21
424827 nor P3 wayne.beaton chris.guindon RESO FIXE Potential XSS vulnerability on /downloads page. 2015-04-13
425195 enh P3 icraggs icraggs CLOS NOT_ The Paho Java client does not perform peer verification on the connected socket 2019-08-07
427830 nor P3 wayne.beaton phoenix.ui-inbox RESO FIXE XSS vulnerability on www.eclipse.org 2014-02-12
428032 nor P3 denis.roy chris.guindon RESO FIXE Multiple XSS on site_login 2014-09-29
429494 nor P3 LpSolit webmaster RESO FIXE https://bugs.eclipse.org/bugs/ is vulnerable to CVE-2009-3555 2018-02-07
429944 cri P3 dpardon Birt-ReportEngine-inbox NEW --- ReportEngine IllegalArgumentException when a securityManager is set in JVM 2016-10-03
435095 cri P3 thanh.ha dtp.enablement-inbox RESO FIXE HIPP jobs are SSHing to build.eclipse.org and storing passwords in config files 2014-05-20
438006 enh P3 flo ecf.core-inbox RESO FIXE [XMPP] Update to Smack 4 2016-12-03
438901 cri P3 frank.jakop niraj.modi VERI FIXE Style PASSWORD | READ_ONLY without BORDER displays plain text password 2014-08-28
443883 nor P3 tanujjane phoenix.ui-inbox RESO FIXE [site_login] Password change should invalidate all active sessions 2015-05-06
446937 nor P3 markus.buchner winston.prakash RESO WONT Security: check various security flaws 2019-05-14
453797 maj P3 mygwaymark winston.prakash RESO WONT [Security] A user with only Job Read and Build privileges can see the default password stored against a password parameter 2019-05-14
454558 maj P3 mygwaymark winston.prakash RESO WONT [Security] A malicious user can find usernames by vectors on loadUserByUsername 2019-05-14
454560 maj P3 mygwaymark winston.prakash RESO WONT [Security] x site scripting vulnerability 2019-05-14
458276 blo P3 mygwaymark winston.prakash RESO WONT [Security] a deleted user who is authenticated in a browser can still build jobs etc.. 2019-05-14
458571 cri P3 Vvvaagn thatnitind RESO FIXE XXE in DTD Parser/Validator 2020-07-15
463809 blo P3 emueller emfstore.servercore-inbox CLOS FIXE [Security] addInitialParticipant remote method allows privilege escalation 2015-05-11
464047 nor P3 queenie.chow winston.prakash RESO WONT Password in Query or Cookie Data 2019-05-14
474575 nor P3 prashant.iiitmk phoenix.ui-inbox RESO FIXE The website may allow automated account creation. 2015-08-31
487014 nor P3 david.hofmann egit.core-inbox CLOS DUPL Support for CodeCommit via HTTPS 2016-02-03
491838 maj P3 research winston.prakash RESO WONT Two security vulnerabilities 2019-05-14
509799 maj P3 wayne.beaton epp.packager-inbox RESO FIXE Symantec reports a Trojan SONAR.AM.C!g24 in eclipse 2020-10-02
510211 nor P3 wayne.beaton fwaibel ASSI --- Virgo downloads include a vulnerable version of Spring 2020-01-20
510249 maj P3 contact kura.core-inbox RESO FIXE Eclipse Kura uses a vulnerable version of Apache Commons Fileupload 2019-03-27
513268 cri P3 contact webmaster RESO FIXE Open Redirection vulnerability in wiki.eclipse.org 2017-03-21
513625 nor P3 claudio.mezzasalma kapua-inbox NEW --- Should we enable gzip compression on the HTTP server instances? 2020-01-13
516765 cri P3 contact vulnerability.reports-inbox RESO FIXE CVE-2017-7650: Eclipse Mosquitto ACL security issue 2018-02-25
519169 cri P1 alonbo d_a_carver ASSI --- XXE Vulnerability found in Eclipse 2020-01-10
522431 cri P3 mccafferty Birt-ReportEngine-inbox ASSI --- Known security vulnerabilities in OSGi runtime 2020-05-01
526392 blo P3 kishorekum kalyan_prasad RESO FIXE JSP source is shown if extension is not matching exactly (case-sensitive) 2020-03-30
527762 maj P3 vv130295 phoenix.ui-inbox CLOS DUPL Cross site scripting 2017-11-27
527966 min P3 archon358 jdt-ui-inbox RESO NOT_ Eclipse startup error dialog if user installs Bouncy Castle into their JDK installation. 2017-11-30
529754 cri P3 f.balabanian vulnerability.reports-inbox RESO FIXE Mosquitto Server Shutdown Attack 2018-04-24
530102 cri P3 roger vulnerability.reports-inbox RESO FIXE Reloading Mosquitto configuration may fail if no file descriptors are available 2018-04-25
530629 nor P3 Peter_Shipton vulnerability.reports-inbox RESO FIXE Security vulnerability found in OpenJ9 project 2018-03-02
531688 nor P3 contact Birt-ReportViewer-inbox NEW --- Report viewer is vulnerable to cross-site scripting 2020-01-10
531823 maj P3 christopher.hacking platform-swt-inbox NEW --- Insecure DLL loading (swt-[gdip-]win32*.dll) 2020-01-24
532113 nor P3 icraggs vulnerability.reports-inbox RESO FIXE CVE-2017-7653: Eclipse Mosquitto does not validate topic strings 2019-01-23
533258 nor P3 queenpresearch vulnerability.reports-inbox RESO FIXE Californium/Leshan DTLS PSK identity oracle 2021-09-29
533493 cri P3 daniel.romero vulnerability.reports-inbox RESO FIXE CVE-2017-7654: Mosquitto Broker DoS through a Memory Leak vulnerability 2019-01-23
533775 maj P3 daniel.romero vulnerability.reports-inbox RESO FIXE CVE-2017-7655: Potential NULL Dereference vulnerability in Mosquitto Library 2019-03-27
534108 nor P3 kjjaeger marketplace-inbox RESO FIXE The site marketplace.eclipse.org only supports TLS 1.0 security 2019-02-13
534589 nor P3 wayne.beaton vulnerability.reports-inbox RESO FIXE OpenJ9 Vulnerabilities 2018-08-14
535667 nor P3 jesse.mcconnell vulnerability.reports-inbox CLOS FIXE Jetty: CVE Request: HTTP/0.9 Request Smuggling 2022-11-02
535855 nor P3 s10156225 vulnerability.reports-inbox NEW --- VertX - CSRF Protection Bypass 2018-06-13
536018 nor P3 jesse.mcconnell vulnerability.reports-inbox CLOS FIXE Jetty: CVE Request: FileBasedSessionStore Session Stealing 2023-08-10
536038 cri P3 anemec vulnerability.reports-inbox RESO FIXE CVE-2018-12537: vert.x: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers 2018-08-14
538142 cri P3 stuxxn rvinjamu RESO FIXE Security bug - RCE in BIRT viewer example 2021-06-25
538320 maj P3 sergeikrivonos rcptt-inbox UNCO --- RSE: security warning 2018-08-27
539170 nor P3 julien vulnerability.reports-inbox RESO FIXE WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake 2019-02-01
539171 nor P3 julien vulnerability.reports-inbox RESO FIXE The StaticHandler does not properly neutralize forward slashes 2019-02-01
539295 nor P3 roger vulnerability.reports-inbox RESO FIXE Remote crash in Mosquitto 1.5 to 1.5.2 2019-02-01
539568 nor P3 julien vulnerability.reports-inbox RESO FIXE The OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks 2019-02-01
540550 maj P3 rebelliousbd vulnerability.reports-inbox RESO FIXE Password change should invalidate all user sessions 2018-11-02
540989 nor P3 sgayou vulnerability.reports-inbox RESO FIXE Che build incorporates binaries downloaded over http -- potential MITM risk. 2021-10-03
541870 nor P3 a3135134 vulnerability.reports-inbox RESO FIXE mosquitto: An empty ACL file grant all permissions to clients 2019-02-08
543127 maj P3 contact vulnerability.reports-inbox RESO FIXE Access Control Violation via Retained Message in Eclipse Mosquitto 2019-02-08
543401 cri P3 taylorc vulnerability.reports-inbox RESO FIXE Blank username allows Mosquitto Security Bypass 2019-02-08
543626 nor P3 or icraggs RESO FIXE Possible Vulnerabilities in Eclipse paho.mqtt.c 2021-05-03
543792 nor P3 Peter_Shipton vulnerability.reports-inbox RESO FIXE OpenJ9 OpenSSL natives are public 2019-02-01
544019 nor P3 vij.singh vulnerability.reports-inbox RESO FIXE OpenJ9 may fail to null check the receiver of an unsafe call 2019-02-08
544089 nor P3 hardik.tarpara vulnerability.reports-inbox RESO INVA Memory Overflow 2019-02-04
544323 nor P3 allencc.chen vulnerability.reports-inbox CLOS WORK [installer] mosquitto-1.5.6-install-windows-x86.exe has detected virus 2019-09-17
544819 maj P3 cve.reporting vulnerability.reports-inbox RESO FIXE DTLS server - buffer overflow leading to crash (dtls_create_cookie) 2020-01-09
544824 maj P3 cve.reporting vulnerability.reports-inbox RESO FIXE DTLS server - buffer overflow leading to crash (dtls_update_parameters) 2020-01-13
544852 maj P3 Jonathan.Leitschuh vulnerability.reports-inbox CLOS MOVE Releases were & are built/executed/tested/released in the context of insecure/untrusted code 2021-12-23
545588 nor P3 heidinga openj9-inbox RESO FIXE Crash on unverifiable bytecode 2019-04-22
546046 nor P3 carlotta.tagliaro roger CLOS INVA Mosquitto server allows connecting with random PSK credentials if TLS is configured with no 'require_certificate' parameter 2019-12-19
546053 maj P3 dominic.schabel vulnerability.reports-inbox RESO FIXE Eclipse hawkBit: New CVE Request 2019-05-09
546121 nor P3 joakim.erdfelt vulnerability.reports-inbox RESO FIXE Jetty CVE Request: DefaultServlet / ResourceHandler XSS Thu 11:40
546576 nor P3 joakim.erdfelt vulnerability.reports-inbox RESO FIXE Jetty CVE Request: Information Reveal - Windows Directory Listings 2022-10-06
546577 nor P3 joakim.erdfelt vulnerability.reports-inbox RESO FIXE Jetty CVE Request: Information Reveal - DefaultHandler 2023-04-28
546622 nor P3 alexander.edelmann vulnerability.reports-inbox RESO FIXE Eclipse Vorto: New CVE Request 2019-05-09
546816 maj P3 vineetpandeyalld guans RESO FIXE Reflected XSS vulnerability in the __format URL parameter 2019-08-10
546996 nor P3 christian.dietrich.opensource vulnerability.reports-inbox RESO FIXE Eclipse Xtext/Xtend: New CVE Request 2019-05-06
547007 cri P3 Jonathan.Leitschuh Birt-Build-inbox NEW --- [SECURITY] HTTP Resolution of dependencies in build expose BIRT build to MITM attack compromise 2020-01-10
547008 cri P3 Jonathan.Leitschuh orion.server-inbox NEW --- [SECURITY] HTTP Resolution of dependencies in build expose Orion build to MITM attack compromise 2020-01-10
547372 nor P3 carlotta.tagliaro roger CLOS MOVE Mosquitto broker and client default to TLS_AES_256_GCM_SHA384 with tls1.3 2020-12-15
547734 nor P3 csdonat vulnerability.reports-inbox RESO FIXE Eclipse Buildship: New CVE Request 2020-01-10
548244 maj P3 j.rousseau vulnerability.reports-inbox CLOS MOVE Vulnerability within Oracle Mojarra JSF v2.2 and v2.3 2021-12-23
548634 nor P3 sunnydhoke22 phoenix.ui-inbox RESO WORK ECA status is not updated even after signing it after multiple trie./ 2019-06-27
549191 nor P3 charlie.gracie omr-inbox RESO FIXE RPATHs on AIX 2019-09-16
549192 nor P3 charlie.gracie omr-inbox RESO FIXE Loop Versioner 2019-09-16
549491 nor P3 more7.rev vulnerability.reports-inbox CLOS MOVE mosquitto 2019-07-24
549525 maj P3 robert.merget vulnerability.reports-inbox CLOS MOVE State Machine Flaws, POODLE and Padding Oracles in Scandium 2021-12-23
549601 nor P3 Peter_Shipton openj9-inbox RESO FIXE Loop Versioner 2019-07-30
549934 min P3 carolina.adaros icraggs VERI FIXE Request for CVE in known hostname validation vulnerability in the MQTT library 2019-09-17
550943 nor P3 an vulnerability.reports-inbox CLOS FIXE Mojarra multiple directory traversal issues 2021-08-16
551206 cri P3 Jonathan.Leitschuh vulnerability.reports-inbox RESO INVA CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 2020-01-10
551423 nor P3 gonz0_12 vulnerability.reports-inbox CLOS FIXE repo.locationtech.org Only Supports TLS 1.1 Which is Unsecure 2020-01-10
551468 nor P3 ceri.coburn Birt-ReportViewer-inbox NEW --- BIRT: Reflected XSS in Viewer frameset servlet parameter names 2020-01-10
551596 cri P3 mgrube che-inbox RESO FIXE Remote Code Execution Vulnerability in Web Interface 2019-12-19
551680 maj P3 laurence.labonte Platform-UI-Inbox RESO FIXE [Webapp][Security] XSS in query param of webapp war file 2019-10-02
551747 nor P3 wayne.beaton vulnerability.reports-inbox RESO FIXE Arbitrary File Read Abusing The `mini-browser` Extension 2020-03-12
552129 nor P3 Peter_Shipton openj9-inbox RESO FIXE Dump creation 2019-10-16
552542 nor P3 iassen.minov vulnerability.reports-inbox RESO FIXE XSS in Memory Analyzer plugin for Eclipse 2020-01-17
553067 cri P1 gcolburn rap-inbox RESO FIXE Accidental XSS possible with HTML MARKUP_ENABLED in RAP 2020-01-02
553684 nor P3 c411vm epp.packager-inbox NEW --- Virus scan of Eclipse package reports Java/CVE-2011-3544.dn malware 2021-09-20
558633 nor P3 andrew_johnson mat.core-inbox RESO FIXE Deserialization issues 2021-02-26
559604 cri P3 627963028 vulnerability.reports-inbox NEW --- glassfish iiop protocal unserializable remote code execute 2022-06-06
559719 cri P3 panagiotis.vasilikos webmaster RESO MOVE Bug in mosquittos MQTT password file parser allows adversaries to modify the loaded password file instance and authenticate as another client. 2020-01-31
561109 maj P3 luigi.gubello vulnerability.reports-inbox RESO FIXE Javascript injection via notification messages in Theia IDE 2021-08-16
561375 nor P3 wayne.beaton vulnerability.reports-inbox RESO WONT [science.dawnsci] Insecure unmarshling using XMLDecoder leading to RCE 2021-09-20
561430 nor P3 williams.ry vulnerability.reports-inbox RESO INVA Out of Bound Pointer in Mosquitto 1.6.9 2021-08-16
562121 nor P3 alvaro vulnerability.reports-inbox RESO MOVE EL parser bug allow bypass of EL expression escaping 2021-05-26
562724 blo P3 dimerm vulnerability.reports-inbox RESO NOT_ bug in eclipse 202003 version can be vulnerable to Command Injection 2021-09-20
563784 nor P3 an vulnerability.reports-inbox CLOS WONT Mojarra RESOURCE_EXCLUDES filtering bypass 2021-08-16
563881 nor P3 wangqinying vulnerability.reports-inbox CLOS MOVE Unauthorized response topic 2021-12-23
563882 nor P3 wangqinying vulnerability.reports-inbox CLOS FIXE Unauthorized retained message 2021-08-30
563998 nor P3 Peter_Shipton openj9-inbox RESO FIXE Undefined return value 2020-10-22
564984 nor P3 jesse.mcconnell vulnerability.reports-inbox RESO FIXE CVE Request: Jetty Corrupt Response Buffer 2022-03-14
565671 nor P3 JTanski vulnerability.reports-inbox RESO FIXE Mosquitto Windows Service Unquoted Path vulnerability 2020-08-11
566169 nor P3 Jacobpeatg platform-runtime-inbox NEW --- Code Injection in Eclipse macOS desktop client 2021-09-20
567068 nor P3 kai.hudalla vulnerability.reports-inbox RESO FIXE Hono's AMQP adapter does not check/limit incoming message size 2021-09-20
567213 nor P3 roland.sako vulnerability.reports-inbox RESO FIXE Vulnerability in Mosquitto configuration file parsing 2023-03-31
567416 nor P3 julien vulnerability.reports-inbox RESO FIXE Eclipse Vert.x StaticHandler doesn't correctly process back slashes 2020-10-29
567921 maj P3 gregw vulnerability.reports-inbox RESO FIXE Jetty vulnerable to temporary directory hijacking 2020-10-22
568018 nor P3 paul.marechal vulnerability.reports-inbox RESO FIXE Theia "mini-browser" extension RCE exploit 2021-09-01
568803 nor P3 wayne.beaton vulnerability.reports-inbox CLOS MOVE Vulnerability in TinyDTLS 2021-12-23
569763 nor P3 Peter_Shipton openj9-inbox RESO FIXE Stack buffer overflow 2021-02-18
569855 nor P3 andrew_johnson andrew_johnson RESO FIXE Vulnerability in Eclipse livehelp. 2021-06-22
570090 nor P3 chris.guindon martin.lowe RESO FIXE OBB-1677065 - XSS vuln for eclipse.org 2021-01-25
570105 nor P3 736560763 sbernard RESO FIXE A null pointer reference exists in the wakaama project. 2021-09-20
570289 nor P3 dominic.schabel vulnerability.reports-inbox RESO FIXE Eclipse hawkBit CVE request: Improper escaping of JSON response field 2021-09-20
570582 nor P3 tony.homer tony.homer RESO FIXE Update bundled guava and any guava dependencies to 30.0+ 2021-04-19
571233 nor P3 gomer12 vulnerability.reports-inbox CLOS FIXE Security Leak Information: Maven Password 2021-03-01
571411 cri P3 joery vulnerability.reports-inbox RESO FIXE security - LFI on eclipse.org/mylyn 2021-03-02
571428 nor P3 mikael.barbero ci.admin-inbox CLOS FIXE [Security] Unauthorized users could access agent logs 2021-02-23
571477 nor P3 andrew_johnson platform-releng-inbox RESO FIXE API key in build job definition shell script 2021-03-02
571856 nor P3 Peter_Shipton openj9-inbox RESO FIXE Use of ConstantPool may not initialize class 2021-04-21
572161 nor P3 rnsztng+eclipse jakub.mazanek CLOS MOVE Some staging website is exposed. 2021-12-23
572218 nor P3 ctwalker vulnerability.reports-inbox RESO FIXE Jetty 100% CPU upon receiving a large invalid TLS Frame 2021-04-01
572219 nor P3 ctwalker vulnerability.reports-inbox RESO FIXE Jetty Ambiguous Paths can access WEB-INF 2021-04-01
572220 nor P3 ctwalker vulnerability.reports-inbox RESO FIXE Jetty Symlink Directory Exposes Webapp Directory Contents 2021-04-01
572608 cri P3 roger vulnerability.reports-inbox RESO FIXE Mosquitto: CVE request - NULL pointer dereference on crafted CONNACK 2021-08-05
572718 blo P3 muthuveerappan mat.core-inbox RESO FIXE 4th party library issue 2021-06-22
573118 maj P3 esimpson equinox.security-inbox NEW --- Secure Storage uses weak PBE with MD5/DES as default algorithm 2023-02-21
573389 nor P3 steven vulnerability.reports-inbox RESO FIXE Jetty Utility Servlets Double Decoding Information Disclosure Vulnerability 2021-06-08
573743 cri P1 peter.stockli webmaster RESO FIXE The Eclipse Security Mailing list is publicly accessible! 2021-05-25
573993 nor P3 amollondhe_2007 zoltan.ujhelyi RESO FIXE Username Compromised using jenkins 2021-09-23
574141 maj P3 bpearson vulnerability.reports-inbox CLOS FIXE Remote crash in Mosquitto 2.0.7 when publish topic length is 0 2021-08-22
574146 nor P3 lachlan vulnerability.reports-inbox RESO FIXE Jetty SessionListener can prevent a session from being invalidated breaking logout. 2021-06-28
574325 nor P3 mengrj.cs vulnerability.reports-inbox CLOS MOVE [iot.tinydtls] Infinite loop during handshake for TinyDTLS 2021-12-23
574327 nor P3 mengrj.cs vulnerability.reports-inbox CLOS MOVE Buffer over-read bug in the function dtls_sha256_update 2021-12-23
574386 nor P3 wayne.beaton akurtakov RESO FIXE Vulnerabilities discovered in third-party content 2021-11-10
574921 nor P3 wayne.beaton vulnerability.reports-inbox CLOS MOVE Broken TLS server certificate validation in Eclipse ioFog agent 2021-12-23
575011 maj P3 564524419 Platform-UI-Inbox CLOS NOT_ CPU is full 2021-07-26
575281 maj P3 achim.kraus cf-inbox RESO FIXE 2.0 - 2.6 : DTLS vulnerability not verifying the server certificate, when ServerKeyExchange is not signed 2021-08-24
575324 nor P3 syncxx19 vulnerability.reports-inbox CLOS MOVE Mosquitto broker with Dynamic Security Plugin may lead to access control failure 2021-12-23
575688 nor P3 some-eclipse-user-849645713... equinox.p2-inbox CLOS MOVE Prevent downloading artifacts over unencrypted HTTP by default 2023-03-25
575924 maj P3 ndevtk vulnerability.reports-inbox RESO FIXE XSS in @theia/plugin-ext webview 2022-01-14
576395 nor P3 Peter_Shipton openj9-inbox RESO FIXE OpenJ9 must throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods 2021-10-20
577157 nor P3 kevin.grigorenko andrew_johnson RESO FIXE Jetty CVE-2021-34429 2022-04-28
577337 nor P3 johann.beleites+eclipse_forums vulnerability.reports-inbox CLOS MOVE The eclip.se URL shortener also shortens external links 2021-12-23
577471 cri P3 mauriarroqui wst.dtd-inbox NEW --- XXE in DTD Parser/Validator 2021-11-26
578193 nor P3 bhonsleaditya1 openj9-inbox CLOS FIXE Delete PR 2023-02-13
579644 cri P3 moloney vulnerability.reports-inbox RESO WORK "log4Shell" vulnerabilities still exist in Eclipse Dependencies 2022-04-21
579744 nor P3 Peter_Shipton openj9-inbox RESO FIXE OpenJ9 allows unverified methods to be invoked using MethodHandles 2022-04-22
580018 nor P3 nurullah.erinola vulnerability.reports-inbox NEW --- Denial-of-Service vulnerability in the DTLS stack 2022-07-29
580084 cri P3 nilesh.patil2047 vulnerability.reports-inbox RESO INVA Jenkins URL exposed 2022-06-07
580118 maj P3 0xnaeem vulnerability.reports-inbox RESO NOT_ Reflected XSS On isencia.com 2022-06-09
580391 cri P3 louis.wolfers vulnerability.reports-inbox CLOS FIXE RCE on the default configuration of BIRT Viewer 2023-03-15
580460 maj P3 Theokeen vulnerability.reports-inbox CLOS FIXE Xss vulnerability - /downloads-viewer.php?s= 2022-08-02
580566 cri P3 sarafsaransh321 vulnerability.reports-inbox CLOS FIXE Description : You are using Swagger ui to share api docs, which uses DomPurify which is vulnerable to insecure input validation and overall your domain becomes vulnerable to Reflected XSS 2022-08-22
581048 nor P3 fyw_881020 vulnerability.reports-inbox NEW --- about javafx plug 2022-11-14
582260 nor P3 daniel.deveau andrew_johnson ASSI --- MAT 1.14.0 BouncyCastle CVE-2023-33201 Thu 02:48