Filtered by vendor Eclipse
Subscriptions
Filtered by product Mosquitto
Subscriptions
Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-7652 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail. | ||||
CVE-2017-7651 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol. | ||||
CVE-2017-7650 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto. | ||||
CVE-2024-8376 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2024-11-15 | 7.5 High |
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. |