Search CVE reports
21 – 23 of 23 results
CVE-2017-7651
Medium priorityIn Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | — | — | — | Not affected | Fixed |
CVE-2017-7650
Medium priorityIn Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to....
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | — | — | — | — | Fixed |
CVE-2017-9868
Medium prioritySome fixes available 3 of 5
In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | — | — | — | Not affected | Fixed |