HIGH8.1CVE-2018-12551When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the… from 0, < 1.5.6-r0
HIGH8.1CVE-2018-12550When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comm… from 0, < 1.5.6-r0
HIGH7.5CVE-2023-3592In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property ty… from 0, < 2.0.16-r0
HIGH7.5The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS…
from 0, < 2.0.16-r0
HIGH7.5In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.
from 0, < 1.6.8-r1
HIGH7.5In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is…
from 0, < 1.5.3-r0
HIGH7.5In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers…
from 0, < 1.4.15-r0
HIGH7.5mosquitto - security update
from 0, < 1.4.15-r0
MEDIUM6.5In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to t…
from 0, < 2.0.10-r0
MEDIUM6.5mosquitto - security update
from 0, < 1.6.3-r1
MEDIUM6.5mosquitto - security update
from 0, < 1.5.6-r0
MEDIUM6.5mosquitto - security update
from 0, < 1.4.12-r0
MEDIUM5.5mosquitto - security update
from 0, < 1.4.13-r0
MEDIUM5.3In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
from 0, < 2.0.16-r0