13 matches found
SUSE CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...
Debian: Security Advisory (DLA-1972-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1972-1] mosquitto security update
Package : mosquitto Version : 1.3.4-2+deb8u4 CVE ID : CVE-2017-7655 CVE-2018-12550 CVE-2018-12551 CVE-2019-11779 Several issues have been found in mosquitto, a MQTT version 3.1/3.1.1 compatible message broker. CVE-2017-7655 A Null dereference vulnerability in the Mosquitto library could lead to...
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...
CVE-2018-12550
CVE-2018-12550 affects Eclipse Mosquitto 1.0–1.5.5 when an ACL file is configured but empty or only comments/blank lines, causing the broker to treat the file as defined and switch from a default deny to a default allow policy. Public disclosures in connected docs confirm the vulnerability behavi...
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...
openSUSE Security Update : mosquitto (openSUSE-2019-233)
This update for mosquitto fixes the following issues : Security issues fixed : - CVE-2018-12546: Fixed an issue with revoked access to topics bsc1125019. - CVE-2018-12551: Fixed an issue which allowed malformed data in the password file to be treated as valid bsc1125020. - CVE-2018-12550: Fixed a...
OPENSUSE-SU-2019:0237-1 Security update for mosquitto
This update for mosquitto fixes the following issues: Security issues fixed: - CVE-2018-12546: Fixed an issue with revoked access to topics bsc1125019. - CVE-2018-12551: Fixed an issue which allowed malformed data in the password file to be treated as valid bsc1125020. - CVE-2018-12550: Fixed an ...
Security update for mosquitto (low)
openSUSE Security Update: Security update for mosquitto Announcement ID: openSUSE-SU-2019:0237-1 Rating: low References: 1125019 1125020 1125021 Cross-References: CVE-2018-12546 CVE-2018-12550 CVE-2018-12551 Affected Products: openSUSE Backports SLE-15 An update that fixes three vulnerabilities i...
openSUSE: Security Advisory for mosquitto (openSUSE-SU-2019:0233-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for mosquitto FEDORA-2019-8cbe2a05cd
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Debian DSA-4388-1 : mosquitto - security update
Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass. Please refer to https://mosquitto.org/blog/2019/02/version-1-5-6-released/ for additional information. C Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian: Security Advisory (DSA-4388-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...