Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eclipse mosquitto vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour ...
Eclipse Mosquitto
8.1
CVSSv3
CVE-2018-12551
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clie...
Eclipse Mosquitto
7.8
CVSSv3
CVE-2021-28825
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low p...
Tibco Messaging - Eclipse Mosquitto Distribution - Core
7.8
CVSSv3
CVE-2021-28826
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a l...
Tibco Messaging - Eclipse Mosquitto Distribution - Bridge
7.5
CVSSv3
CVE-2023-5632
In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack....
Eclipse Mosquitto
7.5
CVSSv3
CVE-2023-3592
In Mosquitto prior to 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
Eclipse Mosquitto
7.5
CVSSv3
CVE-2023-28366
The broker in Eclipse Mosquitto 1.3.2 up to and including 2.x prior to 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN fr...
Eclipse Mosquitto
7.5
CVSSv3
CVE-2021-41039
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
Eclipse Mosquitto
7.5
CVSSv3
CVE-2021-34432
In Eclipse Mosquitto versions 2.07 and previous versions, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.
Eclipse Mosquitto
1 Github repository
7.5
CVSSv3
CVE-2017-7655
In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.
Eclipse Mosquitto
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »