Vulmon
mosquitto vulnerabilities and exploits
6
CVSSv2
CVE-2017-7652
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets availa...
Eclipse Mosquitto
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
4
CVSSv2
CVE-2019-11779
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
Eclipse Mosquitto
Canonical Ubuntu Linux 19.04
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 10.0
4
CVSSv2
CVE-2021-28166
In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.
1 Github repository
7.2
CVSSv2
CVE-2021-28825
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low p...
Tibco Messaging - Eclipse Mosquitto Distribution - Core
7.2
CVSSv2
CVE-2021-28826
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a l...
Tibco Messaging - Eclipse Mosquitto Distribution - Bridge
5
CVSSv2
CVE-2017-9131
An issue exists on Mimosa Client Radios prior to 2.2.3 and Mimosa Backhaul Radios prior to 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when se...
Mimosa Backhaul Radios
Mimosa Client Radios
2.1
CVSSv2
CVE-2021-0256
A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with ...
7.2
CVSSv2
CVE-2020-13537
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SY...
Moxa Mxview 3.1.8
5
CVSSv2
CVE-2017-9132
A hard-coded credentials issue exists on Mimosa Client Radios prior to 2.2.3, Mimosa Backhaul Radios prior to 2.2.3, and Mimosa Access Points prior to 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's...
Mimosa Client Radios
Mimosa Backhaul Radios
5
CVSSv2
CVE-2021-0229
An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows a malicious user to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. A Ju...