Download
| Alert*
oval:org.secpod.oval:def:53517
Kushal Kumaran reported that the update for mosquitto issued as DSA 4388-1 causes mosquitto to crash when reloading the persistent database. Updated packages are now available to correct this issue. oval:org.secpod.oval:def:602908 mosquitto is installed oval:org.secpod.oval:def:107309 mosquitto is installed oval:org.secpod.oval:def:116600 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low powe ... oval:org.secpod.oval:def:120351 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for machine to machine messaging such as with low power sensors or ... oval:org.secpod.oval:def:120364 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for machine to machine messaging such as with low power sensors or ... oval:org.secpod.oval:def:1800859 A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ... oval:org.secpod.oval:def:1800654 mosquitto is installed oval:org.secpod.oval:def:603639 Kushal Kumaran reported that the update for mosquitto issued as DSA 4388-1 causes mosquitto to crash when reloading the persistent database. Updated packages are now available to correct this issue. oval:org.secpod.oval:def:107308 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors ... oval:org.secpod.oval:def:107330 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors ... oval:org.secpod.oval:def:119697 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for machine to machine messaging such as with low power sensors or ... oval:org.secpod.oval:def:119696 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for machine to machine messaging such as with low power sensors or ... oval:org.secpod.oval:def:112445 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors ... oval:org.secpod.oval:def:112441 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors ... oval:org.secpod.oval:def:1800661 A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ... oval:org.secpod.oval:def:602907 It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed. oval:org.secpod.oval:def:1800653 A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ... oval:org.secpod.oval:def:112601 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for machine to machine messaging such as with low power sensors or ... oval:org.secpod.oval:def:112609 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for machine to machine messaging such as with low power sensors or ... oval:org.secpod.oval:def:114227 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low powe ... oval:org.secpod.oval:def:114226 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low powe ... oval:org.secpod.oval:def:115262 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low powe ... oval:org.secpod.oval:def:115389 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low powe ... oval:org.secpod.oval:def:115263 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low powe ... oval:org.secpod.oval:def:115687 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low powe ... oval:org.secpod.oval:def:115681 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low powe ... oval:org.secpod.oval:def:115954 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low powe ... oval:org.secpod.oval:def:1901909 When Eclipse Mosquitto version 1.0 to 1.5.5 is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authenticati ... oval:org.secpod.oval:def:53511 Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass. Please refer to https://mosquitto.org/blog/2019/02/version-1-5-6-released/ for additional information. oval:org.secpod.oval:def:1901908 In Eclipse Mosquitto version 1.0 to 1.5.5 when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able ... oval:org.secpod.oval:def:1901443 If an ACL file is empty, or has only blank lines or comments, then mosquitto treats the ACL file as not being defined, which means that no topic access is denied. Although denying access to all topics is not a useful configuration, this behaviour is unexpected and could lead to access being incorrec ... oval:org.secpod.oval:def:603631 Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass. Please refer to https://mosquitto.org/blog/2019/02/version-1-5-6-released/ for additional information. oval:org.secpod.oval:def:705183 mosquitto: MQTT version 3.1/3.1.1 compatible message broker Mosquitto could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:69786 A vulnerability was discovered in mosquitto, a MQTT version 3.1/3.1.1 compatible message broker, allowing a malicious MQTT client to cause a denial of service , by sending a specially crafted SUBSCRIBE packet containing a topic with a extremely deep hierarchy. oval:org.secpod.oval:def:1901763 In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. oval:org.secpod.oval:def:2002030 In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. oval:org.secpod.oval:def:1901170 The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of ... oval:org.secpod.oval:def:1900794 In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker. oval:org.secpod.oval:def:53447 It was discovered that mosquitto, an MQTT broker, was vulnerable to remote denial-of-service attacks that could be mounted using various vectors. oval:org.secpod.oval:def:603553 It was discovered that mosquitto, an MQTT broker, was vulnerable to remote denial-of-service attacks that could be mounted using various vectors. oval:org.secpod.oval:def:96489 mosquitto: MQTT version 3.1/3.1.1 compatible message broker Several security issues were fixed in Mosquitto. oval:org.secpod.oval:def:95222 Several security vulnerabilities have been discovered in mosquitto, a MQTT compatible message broker, which may be abused for a denial of service attack. CVE-2021-34434 In Eclipse Mosquitto when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoke ... oval:org.secpod.oval:def:612690 Several security vulnerabilities have been discovered in mosquitto, a MQTT compatible message broker, which may be abused for a denial of service attack. CVE-2021-34434 In Eclipse Mosquitto when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoke ... |