Vulnerabilities > Eclipse > Californium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-10 | CVE-2022-39368 | Incomplete Cleanup vulnerability in Eclipse Californium Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. | 8.2 |
| 2022-07-29 | CVE-2022-2576 | Unspecified vulnerability in Eclipse Californium In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. | 7.5 |
| 2021-08-20 | CVE-2021-34433 | Improper Verification of Cryptographic Signature vulnerability in Eclipse Californium In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange. | 7.5 |
| 2021-02-03 | CVE-2020-27222 | Unspecified vulnerability in Eclipse Californium In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. | 7.5 |