Lucene search
K

19 matches found

CVE
CVE
added 4 days ago11 views

CVE-2026-58214

CVE-2026-58214 – NATS Server (MQTT subscribe ACL bypass) Prior to version 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the a...

4.3CVSS5.9AI score0.00367EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-58214 NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS0.00367EPSS
Exploits0References5
CVE
CVE
added 4 days ago14 views

CVE-2026-58213

NATS Server (nats-server) before versions 2.14.1 and 2.12.9 is vulnerable: an MQTT client can include protocol control characters in subscription filters, which are later forwarded as NATS protocol data to route or leafnode connections. This corrupts the forwarded protocol stream and allows injec...

7.1CVSS6AI score0.00439EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-0481

Malware in sbrugna...

7.5CVSS7.4AI score0.01586EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 8:22 a.m.8 views

CVE-2019-5432

A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding...

7.5CVSS6.8AI score0.01586EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.2 views

SUSE CVE-2019-11779

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...

6.5CVSS7.2AI score0.02742EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/07/07 12:0 a.m.30 views

Mongoose Web Server <= 6.8 Multiple Vulnerabilities

Mongoose Web Server is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

9.8CVSS8.8AI score0.31045EPSS
Exploits13References8
OSV
OSV
added 2019/09/19 2:15 p.m.5 views

ALPINE-CVE-2019-11779

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...

6.5CVSS7.2AI score0.02742EPSS
Exploits0References1
OSV
OSV
added 2019/05/14 4:2 a.m.17 views

GHSA-WV67-9JQ7-8R69 Improper Input Validation and Buffer Over-read in mqtt-packet

A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding...

7.5CVSS7.4AI score0.01586EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2019/05/06 5:29 p.m.23 views

CVE-2019-5432

A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding...

7.5CVSS7.1AI score0.01586EPSS
Exploits1References2
OSV
OSV
added 2019/05/06 5:29 p.m.21 views

CVE-2019-5432

A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding...

7.5CVSS7.1AI score
Exploits0References1
OSV
OSV
added 2019/05/06 5:29 p.m.12 views

UBUNTU-CVE-2019-5432

A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding...

7.5CVSS5.8AI score0.01586EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2019/05/06 4:48 p.m.39 views

CVE-2019-5432

A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding...

7.5CVSS7.4AI score0.01586EPSS
Exploits1
NVD
NVD
added 2018/10/29 12:29 p.m.19 views

CVE-2018-18765

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mgmqttnextsubscribetopic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially...

9.1CVSS9AI score0.01835EPSS
Exploits1References2
NVD
NVD
added 2017/11/07 4:29 p.m.21 views

CVE-2017-2895

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker...

8.2CVSS7.9AI score0.01311EPSS
Exploits1References1
NVD
NVD
added 2017/11/07 4:29 p.m.19 views

CVE-2017-2893

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet ove...

7.5CVSS7.3AI score0.24943EPSS
Exploits2References1
Prion
Prion
added 2017/11/07 4:29 p.m.17 views

Information disclosure

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker...

6.4CVSS7.7AI score0.01311EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/11/07 4:0 p.m.26 views

CVE-2017-2893

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet ove...

7.5CVSS7.4AI score0.24943EPSS
Exploits2References1
Debian CVE
Debian CVE
added 2017/11/07 4:0 p.m.42 views

CVE-2017-2895

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker...

8.2CVSS7.9AI score0.01311EPSS
Exploits1
Rows per page
Query Builder