Lucene search
K

81 matches found

RedhatCVE
RedhatCVE
added 2023/09/05 3:13 p.m.22 views

CVE-2023-28366

A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service conditi...

7.5CVSS7.2AI score0.01116EPSS
Exploits0References4
Circl
Circl
added 2023/09/01 8:15 p.m.10 views

CVE-2023-28366

creationtimestamp| type| source ---|---|--- 2023-09-01 20:15:10+00:00| seen| https://t.me/cibsecurity/69660...

7.5CVSS7.2AI score0.01116EPSS
Exploits0References1
NVD
NVD
added 2023/09/01 4:15 p.m.29 views

CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7.5CVSS7.4AI score0.01116EPSS
Exploits0References7
Cvelist
Cvelist
added 2023/09/01 12:0 a.m.45 views

CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7.5AI score0.01116EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/09/01 12:0 a.m.2 views

CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7AI score0.01116EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2023/09/01 12:0 a.m.98 views

CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7.5CVSS6.9AI score0.01116EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/09/01 12:0 a.m.34 views

Fedora 38 : libwebsockets / mosquitto (2023-6a87c003c4)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-6a87c003c4 advisory. 2.0.17 Broker: Fix maxqueuedmessages 0 stopping clients from receiving messages Fix maxinflightmessages not being set correctly. Apps: Fix...

7.5CVSS6.7AI score0.01116EPSS
Exploits0References4
OSV
OSV
added 2023/08/31 12:14 p.m.1 views

BELL-CVE-2023-28366 CVE-2023-28366 does not affect BellSoft software

Bulletin has no description...

7.5CVSS5.8AI score0.01116EPSS
Exploits0References1
OSV
OSV
added 2023/08/31 12:13 p.m.2 views

BELL-CVE-2020-28366 CVE-2020-28366 does not affect BellSoft software

Bulletin has no description...

7.5CVSS5.8AI score0.02244EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.5 views

SUSE CVE-2020-28366

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...

7.5CVSS9.8AI score0.02244EPSS
Exploits0References8
Prion
Prion
added 2022/04/25 3:15 a.m.27 views

Design/Logic Flaw

HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction PI data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product...

5CVSS7.3AI score0.02099EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/04/25 2:54 a.m.444 views

CVE-2022-29546

CVE-2022-29546 : HtmlUnit NekoHtml Parser before 2.61.0 has a denial-of-service vulnerability via crafted Processing Instructions that triggers heap memory consumption. The issue is triggered during PI data parsing and is described as similar to CVE-2022-28366 but affecting a much newer version. ...

7.5CVSS7.2AI score0.01217EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2022/04/23 12:3 a.m.3 views

at.willhaben.willtest:browserstack (>=1.0.0 <=1.1.8), at.willhaben.willtest:core (>=1.0.0 <=1.1.8) +417 more potentially affected by CVE-2022-28366 via net.sourceforge.htmlunit:neko-htmlunit (>=2.21 <=2.25)

net.sourceforge.htmlunit:neko-htmlunit MAVEN version =2.21, =1.0.0, =1.0.0, =1.0.0, =1, =0.0.10, =0.14, =1.0, =3.6.1, =2.60, =0.0.1, =16.07.16, =16.10.21 and more Source cves: CVE-2022-28366 Source advisory: OSV:GHSA-G9HH-VVX3-V37V...

7.5CVSS7.1AI score0.02099EPSS
Exploits0
Circl
Circl
added 2022/04/22 2:27 a.m.9 views

CVE-2022-28366

creationtimestamp| type| source ---|---|--- 2022-04-22 02:27:10+00:00| seen| https://t.me/cibsecurity/41295...

7.5CVSS7.6AI score0.02099EPSS
Exploits0References1
NVD
NVD
added 2022/04/21 11:15 p.m.23 views

CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

7.5CVSS0.02099EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/04/21 11:15 p.m.41 views

CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

7.5CVSS7AI score0.02099EPSS
Exploits0References5
CVE
CVE
added 2022/04/21 10:41 p.m.178 views

CVE-2022-28366

CVE-2022-28366 affects Neko HTML parsers used by HtmlUnit-Neko (up to 2.26; fixed in 2.27) and by CyberNeko HTML (up to 1.9.22; 1.9.22 is the last release). The issue is a denial of service via crafted Processing Instruction input that leads to excessive heap memory consumption. OWASP AntiSamy be...

7.5CVSS7.1AI score0.02099EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2022/04/21 10:41 p.m.40 views

CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

7.5AI score0.02099EPSS
Exploits0References3
OSV
OSV
added 2022/04/21 10:41 p.m.29 views

CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

7.5CVSS7.2AI score0.02099EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/04/21 10:15 p.m.5 views

CVE-2022-29280

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-28366. Reason: This candidate is a reservation duplicate of CVE-2022-28366. Notes: All CVE users should reference CVE-2022-28366 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

7.5CVSS5.8AI score0.02099EPSS
Exploits0References1
Rows per page
Query Builder