CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4447 – Buffer Overflow in Eclipse OpenJ9
https://notcve.org/view.php?id=CVE-2025-4447
09 May 2025 — In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts. • https://github.com/eclipse-openj9/openj9/pull/21762 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1948 – Eclipse Jetty HTTP clients can increase memory allocation
https://notcve.org/view.php?id=CVE-2025-1948
08 May 2025 — In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting. A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 clien... • https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13009 – Eclipse Jetty GZIP buffer release
https://notcve.org/view.php?id=CVE-2024-13009
08 May 2025 — In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests. In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests. • https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2259 – Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow
https://notcve.org/view.php?id=CVE-2025-2259
06 Apr 2025 — In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix of CVE-2025-0727 • https://github.com/eclipse-threadx/netxduo/commit/fb3195bbb6d0d6fe71a7a19585c008623c217f9e • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2260 – Eclipse ThreadX NetX Duo HTTP component server denial of service
https://notcve.org/view.php?id=CVE-2025-2260
06 Apr 2025 — In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users can work-around the issue by disabling the PUT request support. This issue follows an incomplete fix of CVE-2025-0726. • https://github.com/eclipse-threadx/netxduo/commit/fb3195bbb6d0d6fe71a7a19585c008623c217f9e • CWE-459: Incomplete Cleanup •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2258 – Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
https://notcve.org/view.php?id=CVE-2025-2258
06 Apr 2025 — In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. This issue follows an uncomplete fix in CVE-2025-0728. • https://github.com/eclipse-threadx/netxduo/commit/6c8e9d1c95d71bd4b313e1cc37d8f8841543b248 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10838 – Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read
https://notcve.org/view.php?id=CVE-2024-10838
12 Mar 2025 — An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions. • https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1471 – Eclipse OMR: Buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2025-1471
21 Feb 2025 — In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows. • https://github.com/eclipse-omr/omr/pull/7658 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1470 – Eclipse OMR: Null pointer dereference vulnerability
https://notcve.org/view.php?id=CVE-2025-1470
21 Feb 2025 — In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly. • https://github.com/eclipse-omr/omr/pull/7655 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0727 – Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
https://notcve.org/view.php?id=CVE-2025-0727
21 Feb 2025 — In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. • https://github.com/eclipse-threadx/netxduo/commit/c78d650be7377aae1a8704bc0ce5cc6f9f189014 • CWE-191: Integer Underflow (Wrap or Wraparound) •