Bugzilla – Bug List
Thu May 9 2024 14:14:50 EDT
Keywords: security
202 bugs found.
ID
Product
Comp
Assignee
Status
Resolution
Summary
Changed
538320
RCPTT
ECL
rcptt-inbox
UNCO
---
RSE: security warning
2018-08-27
547007
z_Archiv
BIRT
Birt-Build-inbox
NEW
---
[SECURITY] HTTP Resolution of dependencies in build expose BIRT build to MITM attack compromise
2020-01-10
409439
z_Archiv
BIRT
Birt-ReportEngine-inbox
NEW
---
Security Vulnarabilities in BIRT 4.2.2
2020-01-10
429944
z_Archiv
BIRT
Birt-ReportEngine-inbox
NEW
---
ReportEngine IllegalArgumentException when a securityManager is set in JVM
2016-10-03
531688
z_Archiv
BIRT
Birt-ReportViewer-inbox
NEW
---
Report viewer is vulnerable to cross-site scripting
2020-01-10
551468
z_Archiv
BIRT
Birt-ReportViewer-inbox
NEW
---
BIRT: Reflected XSS in Viewer frameset servlet parameter names
2020-01-10
553684
EPP
jee-pack
epp.packager-inbox
NEW
---
Virus scan of Eclipse package reports Java/CVE-2011-3544.dn malware
2021-09-20
573118
Equinox
Security
equinox.security-inbox
NEW
---
Secure Storage uses weak PBE with MD5/DES as default algorithm
2023-02-21
513625
Kapua
General
kapua-inbox
NEW
---
Should we enable gzip compression on the HTTP server instances?
2020-01-13
547008
Orion (A
Deployme
orion.server-inbox
NEW
---
[SECURITY] HTTP Resolution of dependencies in build expose Orion build to MITM attack compromise
2020-01-10
566169
Platform
IDE
platform-runtime-inbox
NEW
---
Code Injection in Eclipse macOS desktop client
2021-09-20
531823
Platform
SWT
platform-swt-inbox
NEW
---
Insecure DLL loading (swt-[gdip-]win32*.dll)
2020-01-24
535855
Vertx
Core
vulnerability.reports-inbox
NEW
---
VertX - CSRF Protection Bypass
2018-06-13
559604
z_Archiv
Orb
vulnerability.reports-inbox
NEW
---
glassfish iiop protocal unserializable remote code execute
2022-06-06
580018
Californ
Scandium
vulnerability.reports-inbox
NEW
---
Denial-of-Service vulnerability in the DTLS stack
2022-07-29
581048
Communit
Vulnerab
vulnerability.reports-inbox
NEW
---
about javafx plug
2022-11-14
410861
Hudson
Core
winston.prakash
NEW
---
LDAP: Server field validation error appears in multiple LDAP fields
2016-06-14
577471
WTP Sour
wst.dtd
wst.dtd-inbox
NEW
---
XXE in DTD Parser/Validator
2021-11-26
519169
andmore
Core
d_a_carver
ASSI
---
XXE Vulnerability found in Eclipse
2020-01-10
522431
z_Archiv
BIRT
Birt-ReportEngine-inbox
ASSI
---
Known security vulnerabilities in OSGi runtime
2020-05-01
510211
Virgo
unknown
fwaibel
ASSI
---
Virgo downloads include a vulnerable version of Spring
2020-01-20
581199
Communit
Vulnerab
vulnerability.reports-inbox
ASSI
---
In Eclipse Mosquitto 2.0.15,unauthenticated clients stil can cause excessive memory use
2023-10-18
553067
RAP
RWT
rap-inbox
RESO
FIXE
Accidental XSS possible with HTML MARKUP_ENABLED in RAP
2020-01-02
573743
Communit
Vulnerab
webmaster
RESO
FIXE
The Eclipse Security Mailing list is publicly accessible!
2021-05-25
367533
Communit
Website
phoenix.ui-inbox
RESO
FIXE
Reset Password allows to hijack accounts for SSH access (and other options)
2012-03-22
574386
z_Archiv
Mylyn
akurtakov
RESO
FIXE
Vulnerabilities discovered in third-party content
2021-11-10
569855
Platform
User Ass
andrew_johnson
RESO
FIXE
Vulnerability in Eclipse livehelp.
2021-06-22
577157
MAT
Core
andrew_johnson
RESO
FIXE
Jetty CVE-2021-34429
2022-04-28
582260
MAT
Core
andrew_johnson
RESO
FIXE
MAT 1.14.0 BouncyCastle CVE-2023-33201
2023-11-10
582476
MAT
Core
andrew_johnson
RESO
FIXE
MAT 2023-09+ CVE-2021-28170
2023-11-20
582631
MAT
Core
andrew_johnson
RESO
FIXE
Validate XML report files against schema and restrict external entity access.
2023-12-11
367638
Jetty
server
boulay
RESO
FIXE
Denial of Service attack ocert-2011-003 / CVE-2011-4461
2012-03-05
575281
Californ
Californ
cf-inbox
RESO
FIXE
2.0 - 2.6 : DTLS vulnerability not verifying the server certificate, when ServerKeyExchange is not signed
2021-08-24
320424
Platform
User Ass
cgold
RESO
INVA
[Webapp][Security] More vulnerabilities based on the topic parameter
2011-06-10
320967
Platform
User Ass
cgold
RESO
FIXE
[Test][Security] Tests for security related bugs
2011-06-10
329582
Platform
User Ass
cgold
RESO
FIXE
[Webapp][Security] Eclipse Help Server XSS
2011-09-29
330026
Platform
User Ass
cgold
RESO
FIXE
[Webapp][Security] Fix for Eclipse 3.6.2 Eclipse Help Server XSS
2011-06-10
551596
Che
General
che-inbox
RESO
FIXE
Remote Code Execution Vulnerability in Web Interface
2019-12-19
424827
Communit
Website
chris.guindon
RESO
FIXE
Potential XSS vulnerability on /downloads page.
2015-04-13
428032
Communit
Website
chris.guindon
RESO
FIXE
Multiple XSS on site_login
2014-09-29
570105
Wakaama
Core
code
RESO
FIXE
A null pointer reference exists in the wakaama project.
2021-09-20
337878
Jetty
server
david.a.jencks
RESO
WORK
Jetty security handler fails to restrict GET method when handling servlets
2011-04-08
435095
Data Too
releng
dtp.enablement-inbox
RESO
FIXE
HIPP jobs are SSHing to build.eclipse.org and storing passwords in config files
2014-05-20
438006
ECF
ecf.prot
ecf.core-inbox
RESO
FIXE
[XMPP] Update to Smack 4
2016-12-03
509799
EPP
java-pac
epp.packager-inbox
RESO
FIXE
Symantec reports a Trojan SONAR.AM.C!g24 in eclipse
2020-10-02
325902
Equinox
Launcher
equinox.launcher-inbox
RESO
FIXE
[launcher] Windows LoadLibrary search cwd DLL exploit
2011-06-10
332980
Equinox
Launcher
equinox.launcher-inbox
RESO
WONT
win32 java.library.path problems
2019-05-14
329193
Equinox
Server-S
equinox.server-side-inbox
RESO
FIXE
[Webapp] Possible security issue with JSP code exposure.
2012-09-26
546816
z_Archiv
BIRT
guans
RESO
FIXE
Reflected XSS vulnerability in the __format URL parameter
2019-08-10
543626
Paho
MQTT
icraggs
RESO
FIXE
Possible Vulnerabilities in Eclipse paho.mqtt.c
2021-05-03
527966
JDT
UI
jdt-ui-inbox
RESO
NOT_
Eclipse startup error dialog if user installs Bouncy Castle into their JDK installation.
2017-11-30
526392
Platform
User Ass
kalyan_prasad
RESO
FIXE
JSP source is shown if extension is not matching exactly (case-sensitive)
2020-03-30
510249
Kura
Core
kura.core-inbox
RESO
FIXE
Eclipse Kura uses a vulnerable version of Apache Commons Fileupload
2019-03-27
534108
Communit
Marketpl
marketplace-inbox
RESO
FIXE
The site marketplace.eclipse.org only supports TLS 1.0 security
2019-02-13
570090
Communit
Vulnerab
martin.lowe
RESO
FIXE
OBB-1677065 - XSS vuln for eclipse.org
2021-01-25
558633
MAT
Core
mat.core-inbox
RESO
FIXE
Deserialization issues
2021-02-26
572718
MAT
Core
mat.core-inbox
RESO
FIXE
4th party library issue
2021-06-22
549191
OMR
General
omr-inbox
RESO
FIXE
RPATHs on AIX
2019-09-16
549192
OMR
General
omr-inbox
RESO
FIXE
Loop Versioner
2019-09-16
545588
openj9
General
openj9-inbox
RESO
FIXE
Crash on unverifiable bytecode
2019-04-22
549601
openj9
General
openj9-inbox
RESO
FIXE
Loop Versioner
2019-07-30
552129
openj9
General
openj9-inbox
RESO
FIXE
Dump creation
2019-10-16
563998
openj9
General
openj9-inbox
RESO
FIXE
Undefined return value
2020-10-22
569763
openj9
General
openj9-inbox
RESO
FIXE
Stack buffer overflow
2021-02-18
571856
openj9
General
openj9-inbox
RESO
FIXE
Use of ConstantPool may not initialize class
2021-04-21
576395
openj9
General
openj9-inbox
RESO
FIXE
OpenJ9 must throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods
2021-10-20
579744
openj9
General
openj9-inbox
RESO
FIXE
OpenJ9 allows unverified methods to be invoked using MethodHandles
2022-04-22
421726
Communit
Website
phoenix.ui-inbox
RESO
FIXE
[Security] SQL injection in http://www.eclipse.org/membership/scripts/get_image.php
2013-11-14
421759
Communit
Website
phoenix.ui-inbox
RESO
FIXE
[security] SQL injection in [http://eclipse.org/membership/showMember.php] By Shahmeer Amir and Rafay Baloch
2013-11-14
421875
Communit
Website
phoenix.ui-inbox
RESO
FIXE
Vulnerabilities on http://www.eclipse.org/
2013-11-21
427830
Communit
Website
phoenix.ui-inbox
RESO
FIXE
XSS vulnerability on www.eclipse.org
2014-02-12
443883
Communit
Website
phoenix.ui-inbox
RESO
FIXE
[site_login] Password change should invalidate all active sessions
2015-05-06
474575
Communit
Website
phoenix.ui-inbox
RESO
FIXE
The website may allow automated account creation.
2015-08-31
548634
Communit
Website
phoenix.ui-inbox
RESO
WORK
ECA status is not updated even after signing it after multiple trie./
2019-06-27
571477
Platform
Releng
platform-releng-inbox
RESO
FIXE
API key in build job definition shell script
2021-03-02
551680
Platform
User Ass
Platform-UI-Inbox
RESO
FIXE
[Webapp][Security] XSS in query param of webapp war file
2019-10-02
421700
Communit
Project
portal-inbox
RESO
FIXE
Reflected XSS - https://dev.eclipse.org/portal/myfoundation/tests/explore.php
2013-11-14
538142
z_Archiv
BIRT
rvinjamu
RESO
FIXE
Security bug - RCE in BIRT viewer example
2021-06-25
458571
WTP Sour
wst.dtd
thatnitind
RESO
FIXE
XXE in DTD Parser/Validator
2020-07-15
328795
Equinox
Framewor
tjwatson
RESO
FIXE
[Webapp] Possible security issue with JSP code exposure.
2012-09-05
328975
Equinox
Framewor
tjwatson
RESO
FIXE
[Webapp] Possible security issue with JSP code exposure.
2013-12-20
378977
Equinox
Framewor
tjwatson
RESO
FIXE
[Webapp] Possible security issue with JSP code exposure. - backport to 3.5.2+
2012-05-09
378979
Equinox
Framewor
tjwatson
RESO
FIXE
[Webapp] Possible security issue with JSP code exposure. backport for 3.4.2+
2012-09-26
390491
Equinox
Server-S
tjwatson
RESO
FIXE
[Webapp] Possible security issue with JSP code exposure.
2012-09-27
570582
z_Archiv
m2e
tony.homer
RESO
FIXE
Update bundled guava and any guava dependencies to 30.0+
2021-04-19
516765
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
CVE-2017-7650: Eclipse Mosquitto ACL security issue
2018-02-25
529754
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Mosquitto Server Shutdown Attack
2018-04-24
530102
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Reloading Mosquitto configuration may fail if no file descriptors are available
2018-04-25
530629
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Security vulnerability found in OpenJ9 project
2018-03-02
532113
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
CVE-2017-7653: Eclipse Mosquitto does not validate topic strings
2019-01-23
533258
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Californium/Leshan DTLS PSK identity oracle
2021-09-29
533493
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
CVE-2017-7654: Mosquitto Broker DoS through a Memory Leak vulnerability
2019-01-23
533775
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
CVE-2017-7655: Potential NULL Dereference vulnerability in Mosquitto Library
2019-03-27
534589
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
OpenJ9 Vulnerabilities
2018-08-14
536038
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
CVE-2018-12537: vert.x: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers
2018-08-14
539170
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake
2019-02-01
539171
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
The StaticHandler does not properly neutralize forward slashes
2019-02-01
539295
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Remote crash in Mosquitto 1.5 to 1.5.2
2019-02-01
539568
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
The OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks
2019-02-01
540550
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Password change should invalidate all user sessions
2018-11-02
540989
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Che build incorporates binaries downloaded over http -- potential MITM risk.
2021-10-03
541870
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
mosquitto: An empty ACL file grant all permissions to clients
2019-02-08
543127
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Access Control Violation via Retained Message in Eclipse Mosquitto
2019-02-08
543401
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Blank username allows Mosquitto Security Bypass
2019-02-08
543792
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
OpenJ9 OpenSSL natives are public
2019-02-01
544019
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
OpenJ9 may fail to null check the receiver of an unsafe call
2019-02-08
544089
Communit
Vulnerab
vulnerability.reports-inbox
RESO
INVA
Memory Overflow
2019-02-04
544819
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
DTLS server - buffer overflow leading to crash (dtls_create_cookie)
2020-01-09
544824
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
DTLS server - buffer overflow leading to crash (dtls_update_parameters)
2020-01-13
546053
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Eclipse hawkBit: New CVE Request
2019-05-09
546121
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Jetty CVE Request: DefaultServlet / ResourceHandler XSS
2023-08-31
546576
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Jetty CVE Request: Information Reveal - Windows Directory Listings
2022-10-06
546577
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Jetty CVE Request: Information Reveal - DefaultHandler
2023-09-11
546622
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Eclipse Vorto: New CVE Request
2019-05-09
546996
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Eclipse Xtext/Xtend: New CVE Request
2019-05-06
547734
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Eclipse Buildship: New CVE Request
2020-01-10
551206
Communit
Vulnerab
vulnerability.reports-inbox
RESO
INVA
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
2020-01-10
551747
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Arbitrary File Read Abusing The `mini-browser` Extension
2020-03-12
552542
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
XSS in Memory Analyzer plugin for Eclipse
2020-01-17
561109
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Javascript injection via notification messages in Theia IDE
2021-08-16
561375
Communit
Vulnerab
vulnerability.reports-inbox
RESO
WONT
[science.dawnsci] Insecure unmarshling using XMLDecoder leading to RCE
2021-09-20
561430
Communit
Vulnerab
vulnerability.reports-inbox
RESO
INVA
Out of Bound Pointer in Mosquitto 1.6.9
2021-08-16
562121
Communit
Vulnerab
vulnerability.reports-inbox
RESO
MOVE
EL parser bug allow bypass of EL expression escaping
2021-05-26
562724
Communit
Vulnerab
vulnerability.reports-inbox
RESO
NOT_
bug in eclipse 202003 version can be vulnerable to Command Injection
2021-09-20
564984
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
CVE Request: Jetty Corrupt Response Buffer
2022-03-14
565671
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Mosquitto Windows Service Unquoted Path vulnerability
2020-08-11
567068
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Hono's AMQP adapter does not check/limit incoming message size
2021-09-20
567213
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Vulnerability in Mosquitto configuration file parsing
2023-03-31
567416
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Eclipse Vert.x StaticHandler doesn't correctly process back slashes
2020-10-29
567921
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Jetty vulnerable to temporary directory hijacking
2020-10-22
568018
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Theia "mini-browser" extension RCE exploit
2021-09-01
570289
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Eclipse hawkBit CVE request: Improper escaping of JSON response field
2021-09-20
571411
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
security - LFI on eclipse.org/mylyn
2021-03-02
572218
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Jetty 100% CPU upon receiving a large invalid TLS Frame
2021-04-01
572219
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Jetty Ambiguous Paths can access WEB-INF
2021-04-01
572220
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Jetty Symlink Directory Exposes Webapp Directory Contents
2021-04-01
572608
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Mosquitto: CVE request - NULL pointer dereference on crafted CONNACK
2021-08-05
573389
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Jetty Utility Servlets Double Decoding Information Disclosure Vulnerability
2021-06-08
574146
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
Jetty SessionListener can prevent a session from being invalidated breaking logout.
2021-06-28
575924
Communit
Vulnerab
vulnerability.reports-inbox
RESO
FIXE
XSS in @theia/plugin-ext webview
2022-01-14
579644
Communit
Vulnerab
vulnerability.reports-inbox
RESO
WORK
"log4Shell" vulnerabilities still exist in Eclipse Dependencies
2022-04-21
580084
Communit
Vulnerab
vulnerability.reports-inbox
RESO
INVA
Jenkins URL exposed
2022-06-07
580118
Communit
Vulnerab
vulnerability.reports-inbox
RESO
NOT_
Reflected XSS On isencia.com
2022-06-09
429494
Communit
Bugzilla
webmaster
RESO
FIXE
https://bugs.eclipse.org/bugs/ is vulnerable to CVE-2009-3555
2018-02-07
513268
Communit
Wiki
webmaster
RESO
FIXE
Open Redirection vulnerability in wiki.eclipse.org
2017-03-21
559719
Communit
Bugzilla
webmaster
RESO
MOVE
Bug in mosquittos MQTT password file parser allows adversaries to modify the loaded password file instance and authenticate as another client.
2020-01-31
446937
Hudson
Core
winston.prakash
RESO
WONT
Security: check various security flaws
2019-05-14
453797
Hudson
Core
winston.prakash
RESO
WONT
[Security] A user with only Job Read and Build privileges can see the default password stored against a password parameter
2019-05-14
454558
Hudson
Core
winston.prakash
RESO
WONT
[Security] A malicious user can find usernames by vectors on loadUserByUsername
2019-05-14
454560
Hudson
Core
winston.prakash
RESO
WONT
[Security] x site scripting vulnerability
2019-05-14
458276
Hudson
Core
winston.prakash
RESO
WONT
[Security] a deleted user who is authenticated in a browser can still build jobs etc..
2019-05-14
464047
Hudson
Core
winston.prakash
RESO
WONT
Password in Query or Cookie Data
2019-05-14
491838
Hudson
Core
winston.prakash
RESO
WONT
Two security vulnerabilities
2019-05-14
573993
Viatra
Common
zoltan.ujhelyi
RESO
FIXE
Username Compromised using jenkins
2021-09-23
319344
Platform
User Ass
cgold
VERI
FIXE
[Webapp][Security] Phishing on help application
2011-06-10
320547
Platform
User Ass
cgold
VERI
FIXE
[Webapp][Security] Misuse of /topic/file
2011-06-10
320548
Platform
User Ass
cgold
VERI
FIXE
[Webapp][Security] Ability to read files not in bundles
2011-06-10
549934
Paho
MQTT
icraggs
VERI
FIXE
Request for CVE in known hostname validation vulnerability in the MQTT library
2019-09-17
438901
Platform
SWT
niraj.modi
VERI
FIXE
Style PASSWORD | READ_ONLY without BORDER displays plain text password
2014-08-28
317055
Platform
User Ass
platform-ua-inbox
VERI
FIXE
[Webapp][Security] URLEncode url requests from local users
2011-06-10
577341
Platform
Debug
sarika.sinha
VERI
FIXE
Security Issue -- Applications using XMLMemento are vulnerable to XXE Attack
2024-03-01
336767
z_Archiv
BIRT
zqian
VERI
FIXE
Security Issue in BIRT Viewer
2014-03-19
421097
Communit
Website
chris.guindon
CLOS
FIXE
Open redirect
2015-05-25
571428
Communit
CI-Jenki
ci.admin-inbox
CLOS
FIXE
[Security] Unauthorized users could access agent logs
2021-02-23
487014
JGit
JGit
egit.core-inbox
CLOS
DUPL
Support for CodeCommit via HTTPS
2016-02-03
463809
EMFStore
ServerCo
emfstore.servercore-inbox
CLOS
FIXE
[Security] addInitialParticipant remote method allows privilege escalation
2015-05-11
323511
Equinox
Framewor
equinox.framework-inbox
CLOS
DUPL
launcher starts wrong application
2012-03-22
575688
Equinox
p2
equinox.p2-inbox
CLOS
MOVE
Prevent downloading artifacts over unencrypted HTTP by default
2024-02-09
425195
z_Archiv
Paho
icraggs
CLOS
NOT_
The Paho Java client does not perform peer verification on the connected socket
2019-08-07
572161
Communit
Website
jakub.mazanek
CLOS
MOVE
Some staging website is exposed.
2021-12-23
361316
Jetty
server
janb
CLOS
FIXE
DoS attack from similar hash values
2012-03-22
333959
Virgo
snaps
milesg78
CLOS
FIXE
cross-site scripting vulnerability
2012-01-16
395246
Gemini.W
unknown
milesg78
CLOS
FIXE
Access to forbidden directories can be granted
2013-01-02
578193
openj9
General
openj9-inbox
CLOS
FIXE
Delete PR
2023-02-13
527762
Communit
Website
phoenix.ui-inbox
CLOS
DUPL
Cross site scripting
2017-11-27
223539
Platform
User Ass
platform-ua-inbox
CLOS
WONT
[Webapp][Security] Vulnerability discovered in Eclipse.
2019-11-14
575011
Platform
UI
Platform-UI-Inbox
CLOS
NOT_
CPU is full
2021-07-26
546046
Communit
Vulnerab
roger
CLOS
INVA
Mosquitto server allows connecting with random PSK credentials if TLS is configured with no 'require_certificate' parameter
2019-12-19
547372
Communit
Bugzilla
roger
CLOS
MOVE
Mosquitto broker and client default to TLS_AES_256_GCM_SHA384 with tls1.3
2020-12-15
535667
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
FIXE
Jetty: CVE Request: HTTP/0.9 Request Smuggling
2023-11-09
536018
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
FIXE
Jetty: CVE Request: FileBasedSessionStore Session Stealing
2023-08-10
544323
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
WORK
[installer] mosquitto-1.5.6-install-windows-x86.exe has detected virus
2019-09-17
544852
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
MOVE
Releases were & are built/executed/tested/released in the context of insecure/untrusted code
2021-12-23
548244
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
MOVE
Vulnerability within Oracle Mojarra JSF v2.2 and v2.3
2021-12-23
549491
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
MOVE
mosquitto
2019-07-24
549525
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
MOVE
State Machine Flaws, POODLE and Padding Oracles in Scandium
2021-12-23
550943
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
FIXE
Mojarra multiple directory traversal issues
2021-08-16
551423
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
FIXE
repo.locationtech.org Only Supports TLS 1.1 Which is Unsecure
2020-01-10
563784
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
WONT
Mojarra RESOURCE_EXCLUDES filtering bypass
2021-08-16
563881
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
MOVE
Unauthorized response topic
2021-12-23
563882
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
FIXE
Unauthorized retained message
2021-08-30
568803
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
MOVE
Vulnerability in TinyDTLS
2021-12-23
571233
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
FIXE
Security Leak Information: Maven Password
2021-03-01
574141
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
FIXE
Remote crash in Mosquitto 2.0.7 when publish topic length is 0
2021-08-22
574325
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
MOVE
[iot.tinydtls] Infinite loop during handshake for TinyDTLS
2021-12-23
574327
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
MOVE
Buffer over-read bug in the function dtls_sha256_update
2021-12-23
574921
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
MOVE
Broken TLS server certificate validation in Eclipse ioFog agent
2021-12-23
575324
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
MOVE
Mosquitto broker with Dynamic Security Plugin may lead to access control failure
2021-12-23
577337
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
MOVE
The eclip.se URL shortener also shortens external links
2021-12-23
580391
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
FIXE
RCE on the default configuration of BIRT Viewer
2023-03-15
580460
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
FIXE
Xss vulnerability - /downloads-viewer.php?s=
2022-08-02
580566
Communit
Vulnerab
vulnerability.reports-inbox
CLOS
FIXE
Description : You are using Swagger ui to share api docs, which uses DomPurify which is vulnerable to insecure input validation and overall your domain becomes vulnerable to Reflected XSS
2022-08-22