CRITICAL 9.8 CVE-2022-28357 NATS nats-server allows directory traversal via unintended path to a management action in github.com/nats-io/nats-server
from 0
CRITICAL 9.8 CVE-2022-28357 NATS nats-server allows directory traversal via unintended path to a management action in github.com/nats-io/nats-server
>= 2.2.0, < 2.7.4
HIGH 8.8 CVE-2022-24450 Incorrect Authorization in NATS nats-server in github.com/nats-io/nats-server
from 0
HIGH 8.6 NATS has MQTT plaintext password disclosure
from 0
HIGH 7.5 NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead
from 0
HIGH 7.5 NATS has pre-auth server panic via leafnode handling
from 0
HIGH 7.5 NATS Server panic via malicious compression on leafnode port
from 0
HIGH 7.5 Denial of Service (DoS)
from 0
HIGH 7.5 Denial of Service (DoS)
from 0, < 2.2.0
HIGH 7.5 Integer Overflow or Wraparound in NATS Server in github.com/nats-io/nats-server
from 0
HIGH 7.4 NATS credentials are exposed in monitoring port via command-line argv
from 0
HIGH 7.1 NATS allows MQTT clients to bypass ACL checks
from 0
MEDIUM 6.5 NATS is vulnerable to MQTT hijacking via Client ID
from 0
MEDIUM 6.5 NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects in github.com/nats-io/nats-server
from 0
MEDIUM 6.5 Arbitrary file write in nats-server in github.com/nats-io/nats-server
from 0
MEDIUM 6.4 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
from 0
MEDIUM 6.4 NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing
from 0
MEDIUM 5.9 nats-server websockets are vulnerable to pre-auth memory DoS
from 0, <= 1.4.1
MEDIUM 5.9 nats-server websockets are vulnerable to pre-auth memory DoS
from 0
MEDIUM 5.3 NATS is vulnerable to pre-auth DoS through WebSockets client service
from 0
MEDIUM 4.9 NATS JetStream has an authorization bypass through its Management API
from 0
MEDIUM 4.3 NATS: Message tracing can be redirected to arbitrary subject
from 0
MEDIUM 4.2 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
from 0
— NATS server TLS missing ciphersuite settings when CLI flags used in github.com/nats-io/nats-server
from 0