Filtered by vendor Eclipse
Subscriptions
Total
252 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55086 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-24 | 9.8 Critical |
| In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read. | ||||
| CVE-2025-55100 | 1 Eclipse | 2 Threadx Usbx, Usbx | 2025-10-23 | 9.1 Critical |
| In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of sampling frequencies. | ||||
| CVE-2025-55098 | 1 Eclipse | 2 Threadx Usbx, Usbx | 2025-10-23 | 6.1 Medium |
| In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of an USB audio device. | ||||
| CVE-2025-55099 | 1 Eclipse | 2 Threadx Usbx, Usbx | 2025-10-23 | 6.1 Medium |
| In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields. | ||||
| CVE-2025-55097 | 1 Eclipse | 2 Threadx Usbx, Usbx | 2025-10-23 | 6.1 Medium |
| In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of an USB streaming device. | ||||
| CVE-2025-55096 | 1 Eclipse | 2 Threadx Netx Duo, Threadx Usbx | 2025-10-23 | 6.1 Medium |
| In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of an USB HID device. | ||||
| CVE-2025-55079 | 1 Eclipse | 1 Threadx | 2025-10-22 | 5.5 Medium |
| In Eclipse ThreadX before version 6.4.3, the thread module has a setting of maximum priority. In some cases the check of that maximum priority wasn't performed, allowing, as a result, to obtain a thread with higher priority than expected and causing a possible denial of service. | ||||
| CVE-2025-55080 | 1 Eclipse | 1 Threadx | 2025-10-22 | 7.1 High |
| In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary memory read/write. | ||||
| CVE-2025-55078 | 1 Eclipse | 1 Threadx | 2025-10-21 | 5.5 Medium |
| In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer is outside the module memory region. | ||||
| CVE-2025-55091 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | 6.5 Medium |
| In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data. | ||||
| CVE-2025-55090 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | 6.5 Medium |
| In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet. | ||||
| CVE-2025-55084 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | 5.3 Medium |
| In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field. | ||||
| CVE-2025-55082 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | 5.3 Medium |
| In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message. | ||||
| CVE-2024-43787 | 2 Eclipse, Hono | 2 Hono, Hono | 2025-09-17 | 5 Medium |
| Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware using upper-case form-like MIME type. This vulnerability is fixed in 4.5.8. | ||||
| CVE-2025-4447 | 2 Eclipse, Redhat | 2 Openj9, Enterprise Linux | 2025-09-05 | 7.8 High |
| In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts. | ||||
| CVE-2021-28165 | 5 Eclipse, Jenkins, Netapp and 2 more | 28 Jetty, Jenkins, Cloud Manager and 25 more | 2025-08-27 | 7.5 High |
| In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | ||||
| CVE-2020-27223 | 6 Apache, Debian, Eclipse and 3 more | 22 Nifi, Solr, Spark and 19 more | 2025-08-20 | 5.2 Medium |
| In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | ||||
| CVE-2025-2258 | 1 Eclipse | 1 Threadx Netx Duo | 2025-07-31 | 7.5 High |
| In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. This issue follows an uncomplete fix in CVE-2025-0728. | ||||
| CVE-2025-2259 | 1 Eclipse | 1 Threadx Netx Duo | 2025-07-31 | 7.5 High |
| In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix of CVE-2025-0727 | ||||
| CVE-2024-10838 | 1 Eclipse | 1 Cyclone Data Distribution Service | 2025-07-31 | 9.1 Critical |
| An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions. | ||||