21 matches found
CVE-2026-40020
A flaw was found in dovecot. A remote attacker can exploit the Internet Message Access Protocol (IMAP) SETACL command to inject "anyone" permissions into a user's dovecot-acl file, even when the imap_acl_allow_anyone setting is disabled. This vulnerability allows an attacker to spam folders to all...
EUVD-2018-4510
Malware in sbrugna...
EUVD-2010-4672
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2014-0212
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors CVE-2014-0212 Note that Nessus reli...
SUSE CVE-2018-20145
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored...
UBUNTU-CVE-2014-0212
qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors...
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...
DEBIAN-CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...
Design/Logic Flaw
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...
CVE-2018-12550
CVE-2018-12550 affects Eclipse Mosquitto 1.0–1.5.5 when an ACL file is configured but empty or only comments/blank lines, causing the broker to treat the file as defined and switch from a default deny to a default allow policy. Public disclosures in connected docs confirm the vulnerability behavi...
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...
Security update for mosquitto (low)
openSUSE Security Update: Security update for mosquitto Announcement ID: openSUSE-SU-2019:0237-1 Rating: low References: 1125019 1125020 1125021 Cross-References: CVE-2018-12546 CVE-2018-12550 CVE-2018-12551 Affected Products: openSUSE Backports SLE-15 An update that fixes three vulnerabilities i...
Security update for mosquitto (low)
openSUSE Security Update: Security update for mosquitto Announcement ID: openSUSE-SU-2019:0233-1 Rating: low References: 1125019 1125020 1125021 Cross-References: CVE-2018-12546 CVE-2018-12550 CVE-2018-12551 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilities is now...
Insecure Authorization
libmosquitto.so is vulnerable to insecure authorization. An ACL file that is empty or contains only blank lines or comments is treated as not defined, and no topic access would be denied. This could lead to access being incorrectly granted and allow an attacker to access or modify resources that are...
DEBIAN-CVE-2018-20145
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored...
DEBIAN-CVE-2010-4707
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file...
Design/Logic Flaw
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file...
CVE-2010-4707
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file...