Eclipse Kura
By the Year
In 2024 there have been 0 vulnerabilities in Eclipse Kura . Kura did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 3 | 6.03 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Kura vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Eclipse Kura Security Vulnerabilities
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially
CVE-2019-10242
5.3 - Medium
- April 09, 2019
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.
Directory traversal
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies
CVE-2019-10243
5.3 - Medium
- April 09, 2019
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura.
Information Disclosure
In Eclipse Kura versions up to 4.0.0
CVE-2019-10244
7.5 - High
- April 09, 2019
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.
XXE
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Eclipse Kura or by Eclipse? Click the Watch button to subscribe.
