Eclipse Kura

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:the_eclipse_foundation:eclipse_kura:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorThe Eclipse Foundation (bb2d55d2-5306-5bc8-beb2-981f5d5392e4)
ProductEclipse Kura (56f7c262-36c6-5beb-a0c2-01b4cfdd5833)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2019-10244 vulnerable 2026-06-03 14:39:22.028760 Details available
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.
Published: 2019-04-09T15:42:42.000Z
Updated: 2024-08-04T22:17:19.931Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-10243 vulnerable 2026-06-03 14:39:22.028422 Details available
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura.
Published: 2019-04-09T15:42:42.000Z
Updated: 2024-08-04T22:17:19.791Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-10242 vulnerable 2026-06-03 14:39:22.027441 Details available
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.
Published: 2019-04-09T15:42:42.000Z
Updated: 2024-08-04T22:17:20.146Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.