Vulnerabilities > Eclipse > Californium > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-10 CVE-2022-39368 Incomplete Cleanup vulnerability in Eclipse Californium
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services.
network
low complexity
eclipse CWE-459
8.2
2022-07-29 CVE-2022-2576 Unspecified vulnerability in Eclipse Californium
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest.
network
low complexity
eclipse
7.5
2021-08-20 CVE-2021-34433 Improper Verification of Cryptographic Signature vulnerability in Eclipse Californium
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.
network
low complexity
eclipse CWE-347
7.5
2021-02-03 CVE-2020-27222 Unspecified vulnerability in Eclipse Californium
In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state.
network
low complexity
eclipse
7.5