Vulmon
mosquitto vulnerabilities and exploits
605
VMScore
CVE-2018-12551
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clie...
Eclipse Mosquitto
490
VMScore
CVE-2019-11778
If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free erro...
Eclipse Mosquitto
NA
CVE-2023-0809
In Mosquitto prior to 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
Eclipse Mosquitto
187
VMScore
CVE-2017-9868
In Mosquitto up to and including 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.
Eclipse Mosquitto
Debian Debian Linux 8.0
356
VMScore
CVE-2017-7650
In Mosquitto prior to 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present ...
Eclipse Mosquitto
Debian Debian Linux 8.0
445
VMScore
CVE-2021-34434
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
Eclipse Mosquitto
Fedoraproject Fedora 34
Fedoraproject Fedora 35
312
VMScore
CVE-2017-7653
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and s...
Eclipse Mosquitto
Debian Debian Linux 8.0
Debian Debian Linux 9.0
445
VMScore
CVE-2017-7654
In Eclipse Mosquitto 1.4.15 and previous versions, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.
Eclipse Mosquitto
Debian Debian Linux 9.0
Debian Debian Linux 8.0
445
VMScore
CVE-2017-7655
In Eclipse Mosquitto versions 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.
Eclipse Mosquitto
Debian Debian Linux 8.0
Debian Debian Linux 9.0
446
VMScore
CVE-2017-7651
In Eclipse Mosquitto 1.4.14, a user can shut down the Mosquitto server simply by filling the RAM with a lot of connections with large payloads. This can be done without authentication if it occurs in the connection phase of the MQTT protocol.
Eclipse Mosquitto
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
2 Github repositories