37 matches found
EUVD-2019-2251
Malware in sbrugna...
EUVD-2019-2252
Malware in sbrugna...
EUVD-2019-2253
Malware in sbrugna...
EUVD-2024-1198
Malicious code in bioql PyPI...
CVE-2019-10243
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura...
CVE-2019-10244
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service not part of the device distribution could potentially be target of XXE attack due to an improper factory and parser initialisation...
CVE-2019-10242
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types...
CVE-2024-3046
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an...
SUSE CVE-2019-10242
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types...
Eclipse Kura LogServlet vulnerability
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an...
GHSA-FRC2-W2CC-X794 Eclipse Kura LogServlet vulnerability
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an...
CVE-2024-3046
CVE-2024-3046 affects Eclipse Kura’s LogServlet (versions 5.0.0–5.4.1) and the Web2 component (org.eclipse.kura.web2, versions 2.0.600–2.4.0) within Kura 5.0.0–5.4.1. A specifically crafted request to the LogServlet can allow an unauthenticated user to retrieve device logs, and downloaded logs ma...
Eclipse Kura Security Vulnerability
Eclipse Kura is the Eclipse Foundation's framework for OSGi-based M2M service gateway applications. A security vulnerability exists in Eclipse Kura LogServlet versions 5.0.0 through 5.4.1, which originates from a vulnerability that allows an unauthenticated user to retrieve device logs using a...
PT-2024-23389 · Eclipse · Eclipse Kura +1
Name of the Vulnerable Software and Affected Versions: Eclipse Kura versions 5.0.0 through 5.4.1 org.eclipse.kura:org.eclipse.kura.web2 versions 2.0.600 through 2.4.0 Description: A specifically crafted request to the LogServlet component can allow an unauthenticated user to retrieve the device...
Eclipse Kura Directory Traversal Vulnerability
Eclipse Kura is an IoT gateway development framework. Eclipse Kura suffers from a directory traversal vulnerability that can be exploited by an attacker to obtain sensitive information...
Eclipse Kura Information Disclosure Vulnerability
Eclipse Kura is the Eclipse Foundation's framework for OSGi-based M2M service gateway applications. An information disclosure vulnerability exists in Eclipse Kura 4.0.0 and prior versions, which arises from errors such as configuration during operation of a networked system or product. An attacke...