VYPR
Vendor

Mosquitto

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2018-12550HigMar 27, 2019
    risk 0.53cvss 8.1epss 0.01

    When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour…

  • CVE-2023-0809MedOct 2, 2023
    risk 0.38cvss 5.8epss 0.01

    In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

  • CVE-2019-11778MedSep 18, 2019
    risk 0.35cvss 5.4epss 0.01

    If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free…

  • CVE-2018-20145HigDec 13, 2018
    risk 0.00cvss 7.5epss 0.02

    Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.