Skip to main content

Kura

5 CVEs product

Monthly

CVE-2024-3046 Maven HIGH This Week

In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Kura
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2019-10244 HIGH This Week

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Kura
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-10243 MEDIUM This Month

In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kura
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-10242 MEDIUM This Month

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Kura
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2017-7649 CRITICAL Act Now

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kura
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
EPSS 1% CVSS 7.5
HIGH This Week

In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Kura
NVD
EPSS 2% CVSS 7.5
HIGH This Week

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Kura
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kura
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Kura
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kura
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy