Lucene search
K

23 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-16659

Malware in sbrugna...

7.5CVSS7.4AI score0.02173EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-18069

Malware in sbrugna...

7.5CVSS7.6AI score0.02577EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2017-7653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject...

5.3CVSS6.3AI score0.01454EPSS
Exploits0References2
CVE
CVE
added 2024/10/30 11:45 a.m.86 views

CVE-2024-3935

CVE-2024-3935 affects Eclipse Mosquitto: 2.0.0–2.0.18 expose a double-free crash when a broker with an outgoing bridge uses topic remapping and receives a crafted PUBLISH from a remote connection. Connected advisories confirm the issue across multiple distributions and show remediation through up...

6.5CVSS7.4AI score0.00761EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2024/02/13 2:45 p.m.51 views

mosquitto: memory leak leads to unresponsive broker

A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service conditi...

7.5CVSS5.8AI score0.01107EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/09/05 1:21 a.m.3 views

SUSE CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7.5CVSS6.9AI score0.01107EPSS
Exploits0References3
OSV
OSV
added 2023/09/01 4:15 p.m.2 views

DEBIAN-CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7.5CVSS7.3AI score0.01107EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.3 views

SUSE CVE-2017-7654

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker...

7.5CVSS7.4AI score0.02173EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/04/05 12:0 a.m.7 views

The vulnerability of the Mosquitto messaging broker lies in the improper release of memory before deleting last-level links, allowing attackers to trigger a service failure.

The vulnerability of the Mosquitto messaging broker is related to incorrect processing of the CONNECT packet when there are no will topics, no will messages, and no will flags, nor any will properties. Exploiting this vulnerability allows a remote attacker to cause service failures...

6.8CVSS6.6AI score0.01113EPSS
Exploits0References6Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/04/01 12:0 a.m.7 views

The vulnerability of the Mosquitto messaging broker, related to errors during resource release, allows a hacker to cause a service failure.

The vulnerability of the Mosquitto messaging broker is related to incorrect processing of the PUBLISH packet when the topic length is zero. Exploiting this vulnerability allows a remote attacker to cause a service failure...

7.8CVSS7.2AI score0.01247EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2021/04/22 8:15 p.m.2 views

CVE-2021-0256

A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permission...

5.5CVSS5.8AI score0.00208EPSS
Exploits0References1
OSV
OSV
added 2021/04/22 8:15 p.m.6 views

CVE-2021-0229

An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport MQTT server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service DoS by sending a stream of specific packets. A Juniper Extension Toolkit JET...

5.3CVSS5.8AI score0.01156EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2019/06/20 1:31 p.m.92 views

USN-4023-1: Mosquitto vulnerabilities

It was discovered that Mosquitto broker incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service...

7.5CVSS6.5AI score0.02173EPSS
Exploits0
NVD
NVD
added 2018/06/05 8:29 p.m.16 views

CVE-2017-7654

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker...

7.5CVSS7.3AI score0.02173EPSS
Exploits0References4
NVD
NVD
added 2018/06/05 8:29 p.m.21 views

CVE-2017-7653

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial ...

5.3CVSS5.5AI score0.01454EPSS
Exploits0References5
OSV
OSV
added 2018/06/05 8:29 p.m.1 views

DEBIAN-CVE-2017-7654

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker...

7.5CVSS7.2AI score0.02173EPSS
Exploits0References1
OSV
OSV
added 2018/06/05 8:29 p.m.15 views

CVE-2017-7653

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial ...

5.3CVSS6.4AI score
Exploits0References5
OSV
OSV
added 2018/06/05 8:29 p.m.21 views

CVE-2017-7654

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker...

7.5CVSS7.6AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2018/06/05 12:0 a.m.23 views

CVE-2017-7654

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker...

7.5CVSS7.1AI score0.02173EPSS
Exploits0References3
OSV
OSV
added 2018/06/05 12:0 a.m.3 views

UBUNTU-CVE-2017-7654

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker...

7.5CVSS7AI score0.02173EPSS
Exploits0References4
Rows per page
Query Builder