Lucene search
+L

8 matches found

vulnrichment
vulnrichment
added 2026/03/30 8:11 p.m.6 views

CVE-2026-32696 NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

3.1CVSS5.8AI score0.00399EPSS
Exploits1References4
cvelist
cvelist
added 2026/03/30 8:11 p.m.18 views

CVE-2026-32696 NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

3.1CVSS0.00399EPSS
Exploits1References4
osv
osv
added 2026/03/30 8:11 p.m.4 views

CVE-2026-32696 NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

3.1CVSS5.8AI score0.00399EPSS
Exploits1References6
cve
cve
added 2026/03/30 8:11 p.m.21 views

CVE-2026-32696

CVE-2026-32696 affects NanoMQ 0.24.6 where HTTP auth (auth.http_auth) with MQTT CONNECT and missing username/password (using %u/%P) causes auth_http.c:set_data() to call strlen() on a NULL pointer, triggering a remote SIGSEGV and DoS. A fix exists in 0.24.7. The Red Hat, NVD, OSV, and CVE list en...

7.5CVSS5.8AI score0.00399EPSS
Exploits1References4Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-2980

Malware in sbrugna...

7.5CVSS6.4AI score0.07699EPSS
Exploits0References8
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-2705

Malware in sbrugna...

10CVSS6.4AI score0.02659EPSS
Exploits0References8
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-2367

Malware in sbrugna...

10CVSS6.4AI score0.08201EPSS
Exploits1References3
osv
osv
added 2012/10/03 11:2 a.m.3 views

DEBIAN-CVE-2012-3520

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCMCREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to 1 Avahi or 2 NetworkManager...

1.9CVSS6.2AI score0.00429EPSS
Exploits2References1
Rows per page
Query Builder