23 matches found
EUVD-2022-1169
Malicious code in bioql PyPI...
CVE-2020-27219
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...
CVE-2019-10240
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected...
org.coldis.library:persistence (>=2.0.34 <=2.0.38), org.eclipse.hawkbit:hawkbit-ddi-server (>=0.7.0 <=0.8.0) +10 more potentially affected by CVE-2025-41232 via org.springframework.security:spring-security-aspects (>=6.4.1 <=6.4.4)
org.springframework.security:spring-security-aspects MAVEN version =6.4.1, =2.0.34, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.8.0 Source cves: CVE-2025-41232 Source advisory: OSV:GHSA-9PP5-9C7G-4R83...
Cross-site Scripting in Eclipse Hawkbit
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...
GHSA-RCVX-RMVF-MXCH Cross-site Scripting in Eclipse Hawkbit
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...
Cross-Site Scripting (XSS)
hawkbit-update-server is vulnerable to cross-site scripting. The vulnerability exist as the JSON body response for HTTP 404 error contains unsafe URL path characters...
Eclipse Hawkbit Access Control Error Vulnerability
Eclipse hawkBit is a domain-independent backend framework from the Eclipse Foundation. It is used to roll out software updates to constrained edge devices. Eclipse Hawkbit has a security vulnerability in versions prior to 0.3.0M7 where the http404 not found JSON response body returned by restapi...
CVE-2020-27219
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...
CVE-2020-27219
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...
Design/Logic Flaw
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...
CVE-2020-27219
CVE-2020-27219 affects Eclipse Hawkbit prior to 0.3.0M7. The REST API may return a 404 Not Found JSON response that includes the full, unescaped request path, exposing unsafe characters. This could disclose internal URL structure to an attacker that POSTs to a non-existent resource. Root cause: u...
CVE-2020-27219
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...
Eclipse hawkBit 跨站脚本漏洞
Eclipse hawkBit is a domain-independent backend framework from the Eclipse Foundation. It is used to roll out software updates to constrained edge devices. Eclipse Hawkbit has a security vulnerability in versions prior to 0.3.0M7 where the http404 not found JSON response body returned by restapi...
GHSA-JWQM-C9F2-2CQ3 Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected...
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected...
Man-in-the-Middle (MitM)
hawkbit is vulnerable to man-in-the-middle attacks. The Maven build artifacts for Vaadin based UI is built over HTTP instead of HTTPS, which would allow a remote attacker to perform a man-in-the-middle attack between the client and the original server...
CVE-2019-10240
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected...
CVE-2019-10240
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected...
Design/Logic Flaw
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected...