CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 0CVE-2024-0740 – Eclipse Target Management <= 4.5.500 Command Injection
https://notcve.org/view.php?id=CVE-2024-0740
26 Apr 2024 — Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03 Eclipse Target Management: Terminal and Remote System Explorer (RSE) versión <= 4.5.400 tiene una vulnerabilidad de ejecución remota de código que no requiere autenticación. La versión fija está incluida en Eclipse IDE 2024-03 • https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3046
https://notcve.org/view.php?id=CVE-2024-3046
09 Apr 2024 — In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1] En el componente Eclipse Kur... • https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/188 • CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-2212 – Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet()
https://notcve.org/view.php?id=CVE-2024-2212
26 Mar 2024 — In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows. En Eclipse ThreadX anterior a 6.4.0, a las funciones xQueueCreate() y xQueueCreateSet() de la API de compatibilidad de FreeRTOS (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) les faltaban comprobaciones de pará... • https://packetstorm.news/files/id/178817 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-2214 – Missing array size check in _Mtxinit() in the Xtensa port
https://notcve.org/view.php?id=CVE-2024-2214
26 Mar 2024 — In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c En Eclipse ThreadX anterior a la versión 6.4.0, a la función _Mtxinit() en el puerto Xtensa le faltaba una verificación del tamaño de la matriz, lo que provocaba una sobrescritura de la memoria. El archivo afectado era ports/xtensa/xcc/src/tx_clib_lock.c Eclipse ThreadX versions prior to 6.4.0 suffers from a ... • https://packetstorm.news/files/id/178817 • CWE-129: Improper Validation of Array Index •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-2452 – Integer wraparound, under-allocation, and heap buffer overflow in Eclipse ThreadX NetX Duo __portable_aligned_alloc()
https://notcve.org/view.php?id=CVE-2024-2452
26 Mar 2024 — In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows. En Eclipse ThreadX NetX Duo anterior a 6.4.0, si un atacante puede controlar los parámetros de __portable_aligned_alloc() podría provocar una envoltura de enteros y una asignación menor de lo esperado. Esto podría provocar desbordamientos de búfer de almacenamiento dinámico.... • https://packetstorm.news/files/id/178817 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •