Eclipse Security Vulnerabilities (CVEs)

Track 76 security vulnerabilities affecting Eclipse products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

18 Critical
38 High
20 Medium
CVE-2024-2452 7.0

This vulnerability in Eclipse ThreadX NetX Duo allows an attacker to cause an integer wrap-around in the __portable_aligned_alloc() function, leading ...

Mar 26, 2024
CVE-2023-48695 7.3

This vulnerability allows remote code execution through out-of-bounds write flaws in Azure RTOS USBX's USB host and device classes, specifically affec...

Dec 5, 2023
CVE-2023-5632 7.5

This vulnerability in Eclipse Mosquitto allows denial-of-service attacks by establishing connections without sending data, causing excessive CPU consu...

Oct 18, 2023
CVE-2023-36478 7.5

This CVE describes an integer overflow vulnerability in Eclipse Jetty's HTTP/2 HPACK header processing. Attackers can send specially crafted HTTP/2 re...

Oct 10, 2023
CVE-2023-44487 7.5

CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server res...

Oct 10, 2023
CVE-2023-4760 7.6

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running vulnerable Eclipse RAP versions. Attackers can exploit...

Sep 21, 2023
CVE-2023-2597 7.0

This is a buffer overflow vulnerability in Eclipse OpenJ9's shared cache feature, which is enabled by default. Attackers could exploit this to cause d...

May 22, 2023
CVE-2015-8031 9.8

CVE-2015-8031 is an XML External Entity (XXE) vulnerability in Hudson CI/CD server that allows attackers to read arbitrary files from the server files...

Jul 18, 2022
CVE-2022-2048 7.5

This vulnerability in Eclipse Jetty's HTTP/2 server implementation allows attackers to cause denial of service by sending invalid HTTP/2 requests that...

Jul 7, 2022
CVE-2022-29246 9.8

CVE-2022-29246 is a buffer overflow vulnerability in Azure RTOS USBX's DFU UPLOAD functionality that allows attackers to bypass security features or e...

May 24, 2022
CVE-2021-41040 7.5

CVE-2021-41040 is an out-of-bounds read vulnerability in Eclipse Wakaama's CoAP parsing code that allows attackers to read sensitive memory contents. ...

Feb 1, 2022
CVE-2021-41036 9.8

CVE-2021-41036 is a critical buffer overflow vulnerability in the Eclipse Paho MQTT C Client library where the client fails to properly validate the r...

Nov 3, 2021
CVE-2021-41035 9.8

This vulnerability in Eclipse OpenJ9 allows attackers to bypass Java access controls by using MethodHandles to invoke interface methods that should be...

Oct 25, 2021
CVE-2021-41034 8.1

Eclipse Che version 6 builds for Java 8, Android, and PHP stacks pull binaries from unsecured HTTP endpoints during build time, making them vulnerabl...

Sep 29, 2021
CVE-2021-41033 8.1

This vulnerability allows man-in-the-middle attacks when Eclipse Equinox installations use HTTP repositories for p2 updates. Attackers can intercept a...

Sep 13, 2021
CVE-2021-32835 9.9

CVE-2021-32835 is a sandbox escape vulnerability in Eclipse Keti that allows authenticated attackers to execute arbitrary code on affected systems. Th...

Sep 9, 2021
CVE-2020-18735 7.5

CVE-2020-18735 is a heap buffer overflow vulnerability in Eclipse IOT Cyclone DDS Project that allows attackers to crash the DDS subscriber server thr...

Aug 23, 2021
CVE-2021-34433 7.5

This vulnerability in Eclipse Californium allows attackers to bypass certificate verification during DTLS handshakes, enabling man-in-the-middle attac...

Aug 20, 2021
CVE-2021-34432 7.5

This vulnerability allows remote attackers to crash Eclipse Mosquitto MQTT broker servers by sending a specially crafted PUBLISH packet with zero-leng...

Jul 27, 2021
CVE-2021-34427 9.8

This vulnerability allows remote attackers to execute arbitrary Java Server Pages (JSP) code on Eclipse BIRT servers by injecting malicious code throu...

Jun 25, 2021
CVE-2021-28165 7.5

This vulnerability in Eclipse Jetty allows denial-of-service attacks by causing 100% CPU usage when processing large invalid TLS frames. Attackers can...

Apr 1, 2021
CVE-2020-27225 7.8

This vulnerability allows an unauthenticated local attacker to send active help commands to Eclipse Platform processes, potentially executing arbitrar...

Mar 9, 2021
CVE-2020-27224 9.6

CVE-2020-27224 is a critical vulnerability in Eclipse Theia's Markdown Preview component that allows cross-site scripting (XSS) to escalate to arbitra...

Feb 24, 2021
CVE-2020-27222 7.5

This vulnerability in Eclipse Californium allows clients to cause a denial-of-service (DoS) by exploiting a DTLS handshake state error. The DTLS serve...

Feb 3, 2021
CVE-2020-27221 9.8

This is a critical stack-based buffer overflow vulnerability in Eclipse OpenJ9 JVM versions up to 0.23. It allows attackers to execute arbitrary code ...

Jan 21, 2021
CVE-2019-17640 9.8

CVE-2019-17640 is a path traversal vulnerability in Eclipse Vert.x's StaticHandler component on Windows systems. It allows attackers to escape the con...

Oct 15, 2020

Why Monitor Eclipse Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 76+ known vulnerabilities affecting Eclipse products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Eclipse packages in under 60 seconds. No agents required - completely agentless scanning that works across Eclipse deployments.

Free vulnerability database: Access detailed information about every Eclipse CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Eclipse CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions