5 matches found
CVE-2024-3046
CVE-2024-3046 affects Eclipse Kura’s LogServlet (versions 5.0.0–5.4.1) and the Web2 component (org.eclipse.kura.web2, versions 2.0.600–2.4.0) within Kura 5.0.0–5.4.1. A specifically crafted request to the LogServlet can allow an unauthenticated user to retrieve device logs, and downloaded logs ma...
CVE-2017-7649
The CVE-2017-7649 entry concerns Eclipse Kura (pre-2.1.0) where the distribution handles firewall setup and leaves the Equinox console on port 5002 accessible without credentials. The vulnerability allows login via unencrypted Telnet, with the attacker able to execute commands through the Equinox...
CVE-2019-10244
CVE-2019-10244 affects Eclipse Kura up to version 4.0.0. The vulnerability points to XXE attacks via the Web UI package and component services, the Artemis simple MQTT component, and the emulator position service (not part of the device distribution) caused by improper factory and parser initiali...
CVE-2019-10243
CVE-2019-10243 affects Eclipse Kura up to v4.0.0. The issue is that Kura exposes the underlying Ui Web server version in its replies, which an attacker could use as a hint to craft targeted attacks against the Kura web server. The provided documents do not specify a fixed version or remediation; ...
CVE-2019-10242
The provided CVE entry applies to Eclipse Kura up to version 4.0.0, where the SkinServlet did not validate the path parameter in GET requests. This could allow path traversal for a limited set of file types. The vulnerability is described without explicit exploitation details or listed fixes in t...