CVE API (1.0.0)


Access information on Eclipse Foundation CVEs.

CVE

Eclipse CVE data

CVE List

Fetches all public CVE data.

Responses

Response samples

Content type
application/json
[]

CVE

Returns the CVE entry that has a matching id.

Path parameters
id (required, string): The id of the CVE to retrieve

Responses

Response samples

Content type
application/json
{}

CVE RSS feed

Returns an RSS feed of the known and public vulnerabilities.

Responses

Response samples

Content type
application/xml
<rdf:RDF
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns="http://purl.org/rss/1.0/"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel rdf:about="https://eclipse.org/security/known/rss.xml">
        <title>Eclipse Foundation Project CVE database</title>
        <link>https://eclipse.org/security/known/rss.xml</link>
        <description>Disclosed CVE records pertaining to Eclipse Foundation projects.</description>
        <items>
            <rdf:Seq>
                <rdf:li />
                <rdf:li />
                <rdf:li />
            </rdf:Seq>
        </items>
        <dc:creator>Eclipse Foundation WebDev</dc:creator>
        <dc:date>2024-03-28T19:45:02Z</dc:date>
        <dc:language>en-gb</dc:language>
    </channel>
    <item rdf:about="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7649">
        <title>CVE-2017-7649</title>
        <link>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7649</link>
        <description>The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.</description>
        <dc:date>2017-04-14T04:00:00Z</dc:date>
    </item>
    <item rdf:about="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7650">
        <title>CVE-2017-7650</title>
        <link>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7650</link>
        <description>In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto.</description>
        <dc:date>2017-05-17T04:00:00Z</dc:date>
    </item>
    <item rdf:about="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7651">
        <title>CVE-2017-7651</title>
        <link>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7651</link>
        <description>In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.</description>
        <dc:date>2018-02-27T05:00:00Z</dc:date>
    </item>
</rdf:RDF>
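Added example (not part of the Eclipse API documentation): a consumer for the RSS 1.0 (RDF) sample above that extracts the CVE items and reports entries newer than a given time that mention a product. In this format the `<item>` elements are siblings of `<channel>` under the default `http://purl.org/rss/1.0/` namespace, so lookups must be namespace-qualified. The function names `parse_feed` and `new_matches` are hypothetical, and the embedded feed is an abridged copy of the sample with shortened descriptions.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespaces taken from the response sample; "rss" is the feed's default namespace.
NS = {"rss": "http://purl.org/rss/1.0/", "dc": "http://purl.org/dc/elements/1.1/"}
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")

# Abridged copy of the sample feed (descriptions shortened, links omitted).
SAMPLE_FEED = """<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns="http://purl.org/rss/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel rdf:about="https://eclipse.org/security/known/rss.xml"><title>Eclipse Foundation Project CVE database</title></channel>
  <item rdf:about="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7649">
    <title>CVE-2017-7649</title><dc:date>2017-04-14T04:00:00Z</dc:date>
    <description>The network enabled distribution of Kura before 2.1.0 ...</description>
  </item>
  <item rdf:about="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7650">
    <title>CVE-2017-7650</title><dc:date>2017-05-17T04:00:00Z</dc:date>
    <description>In Mosquitto before 1.4.12, pattern based ACLs can be bypassed ...</description>
  </item>
  <item rdf:about="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7651">
    <title>CVE-2017-7651</title><dc:date>2018-02-27T05:00:00Z</dc:date>
    <description>In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server ...</description>
  </item>
</rdf:RDF>"""


def parse_feed(xml_text):
    """Return one dict per <item>; entries without a valid CVE id or date are skipped."""
    entries = []
    for item in ET.fromstring(xml_text).findall("rss:item", NS):
        title = item.findtext("rss:title", "", NS).strip()
        date = item.findtext("dc:date", "", NS).strip()
        if not CVE_ID.fullmatch(title) or not date:
            continue
        published = datetime.strptime(date, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        entries.append({"id": title, "published": published,
                        "description": item.findtext("rss:description", "", NS).strip()})
    return entries


def new_matches(entries, since, keyword):
    """CVE ids published after `since` whose description mentions `keyword`."""
    return [e["id"] for e in entries
            if e["published"] > since and keyword.lower() in e["description"].lower()]
```

Storing the newest `published` value seen and passing it as `since` on the next poll turns this into a simple new-advisory check for a given project.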