CVE-2019-11778

If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which h...

EUVD-2017-16657

Malware in sbrugna...

EUVD-2017-16658

Malware in sbrugna...

EUVD-2017-16660

Malware in sbrugna...

EUVD-2018-12714

Malware in sbrugna...

EUVD-2018-4505

Malware in sbrugna...

EUVD-2018-4506

Malware in sbrugna...

EUVD-2018-4511

Malware in sbrugna...

EUVD-2021-21087

Malware in sbrugna...

EUVD-2021-14859

Malware in sbrugna...

EUVD-2024-33469

Malicious code in bioql PyPI...

EUVD-2024-49133

Malicious code in bioql PyPI...

EUVD-2021-28191

Malicious code in bioql PyPI...

EUVD-2023-32063

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-28366

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with...

Advisory ROSA-SA-2025-2912

software: mosquitto 2.0.20 WASP: ROSA-CHROME unaffected versions = mosquitto-2.0.20-1 affected versions mosquitto-2.0.20-1 CVE-ID: CVE-2024-3935 BDU-ID: 2024-09880 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Eclipse Mosquitto message broker is related to memory re-release. Exploitation of th...

TencentOS Server 4: mosquitto (TSSA-2024:0990)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0990 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

USN-7441-1: Eclipse Mosquitto vulnerabilities

It was discovered that Eclipse Mosquitto client incorrectly handled memory when receiving a SUBACK packet. An attacker with a malicious broker could possibly use this issue to execute arbitrary code or cause a denial of service. CVE-2024-10525 Xiangpu Song discovered that Eclipse Mosquitto broker...

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to memory leaking, segmentation fault or heap-use-after-free due to Eclipse Mosquitto (CVE-2024-8376)

Summary IBM Integration Bus for z/OS is vulnerable to memory leaking, segmentation fault or heap-use-after-free due to Eclipse Mosquitto. Vulnerability Details CVEID:CVE-2024-8376 DESCRIPTION: In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault o...

Mageia: Security Advisory (MGASA-2025-0106)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...