Microsoft Azure IoT SDK Man-in-the-Middle Spoofing Vulnerability
Microsoft C, C# and Java SDK for Azure IoT is a software development kit for developing Azure IoT (Internet of Things) platform applications based on the C, C# and Java languages, respectively, from Microsoft Corporation, USA. A security vulnerability exists in the Microsoft C, C# and Java SDK for Azu...
CVE-2018-8119
A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK, C# SDK, Java SDK...
ALPINE-CVE-2017-7651
In Eclipse Mosquitto 1.4.14, a user can shut down the Mosquitto server simply by filling the RAM with a lot of connections with large payloads. This can be done without authentication if it occurs in the connection phase of the MQTT protocol...
IBM WebSphere MQ 7.0.0.x / 8.0.0.x Password Handling Remote Access Vulnerability
According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is 7.0.0.x or 8.0.0.x without patch APAR PM52049 (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(108485); script_version("1.5"); script_cvs_date("Date: 2019/11/08");...
MQTT.js issue in handling PUBLISH packets
Overview: MQTT.js is a client library for MQTT. MQTT.js contains an issue in handling PUBLISH packets sent from an MQTT Broker. Masataka Sakaguchi, Bintatsu Noda and Hisashi Kojima of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
October 17, 2017—KB4041688 (OS Build 14393.1794)
October 17, 2017—KB4041688 (OS Build 14393.1794). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed rare issue where fonts may be corrupted after the Out of Box Experience is complete...
DEBIAN-CVE-2017-2893
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet ove...
DEBIAN-CVE-2017-2894
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet ove...
Cesanta Mongoose MQTT Remote Code Execution Vulnerability (CNVD-2017-33389)
Cesanta Mongoose is a suite of embedded servers from Cesanta, Ireland. A remote code execution vulnerability exists in the MQTT packet parsing feature in Cesanta Mongoose version 6.8. A remote attacker can exploit this vulnerability by sending specially crafted MQTT packets to execute code...
DEBIAN-CVE-2017-11408
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection...
UBUNTU-CVE-2017-11408
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection...
April 18, 2017—KB4015552 (Preview of Monthly Rollup)
April 18, 2017—KB4015552 (Preview of Monthly Rollup). Improvements and fixes: This non-security update includes improvements and fixes that were a part of Monthly Rollup KB4015549 (released April 11, 2017) and also includes these new quality improvements as a preview of the next Monthly Rollup update:...
IntelMQ - A solution for IT security teams for collecting and processing security feeds using a message queuing protocol
IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments, ...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It's a community-driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by...
CVE-2016-3013
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference : 1998661...
UBUNTU-CVE-2016-9877
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provid...
Pivotal Software RabbitMQ and RabbitMQ for PCF Security Bypass Vulnerability
Pivotal Software RabbitMQ and RabbitMQ for PCF are both products of the American company Pivotal Software. The former is a set of open source message broker software that implements the Advanced Message Queuing Protocol (AMQP), and the latter is an open source messaging server used to support data...
The vulnerability of the WebSphere MQ message processing service allows a perpetrator to trigger a service failure.
The vulnerability of the WebSphere MQ message queue manager agent is related to a memory leak. Exploiting this vulnerability allows an attacker, operating remotely, to cause service failures (e.g., excessive memory consumption) by triggering multiple errors...
The vulnerability of the Apache Qpid message exchange system, which allows a malicious actor to gain access as a legitimate user.
The Apache Qpid system for exchanging programmatic messages contains a vulnerability related to an authentication error during the processing of shadowed connections for AMQP clients. With a specially crafted request, a malicious individual can impersonate a legitimate user...
Response Operation Collection Kit: ROCK NSM
MOCYBER’s open source Network Security Monitoring platform. ROCK is a collections platform, in the spirit of Network Security Monitoring, designed by members of the Missouri National Guard’s Cyber Team. Its primary focus is to provide a robust, scalable sensor platform for both enduring security...
Automate Incident Handling Process : IntelMQ
IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets and log files using a message queuing protocol. It’s a community-driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several...