| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2024-10525 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a maliciou ... |
| CVE-2024-8376 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve me ... |
| CVE-2024-3935 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitt ... |
| CVE-2023-28366 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a ... |
| CVE-2021-34432 | fixed | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ... |
| CVE-2018-12546 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client pu ... |
| Bug | Description |
|---|
| CVE-2023-5632 | In Eclipse Mosquito before and including 2.0.5, establishing a connect ... |
| CVE-2023-3592 | In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 ... |
| CVE-2023-0809 | In Mosquitto before 2.0.16, excessive memory is allocated based on mal ... |
| CVE-2021-41039 | In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ... |
| CVE-2021-34434 | In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ... |
| CVE-2021-34431 | In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ... |
| CVE-2021-28166 | In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ... |
| CVE-2019-11779 | In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT cli ... |
| CVE-2019-11778 | If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1 ... |
| CVE-2018-20145 | Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option ... |
| CVE-2018-12551 | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured ... |
| CVE-2018-12550 | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured ... |
| CVE-2018-12543 | In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is ... |
| CVE-2017-9868 | In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) i ... |
| CVE-2017-7655 | In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vu ... |
| CVE-2017-7654 | In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability w ... |
| CVE-2017-7653 | The Eclipse Mosquitto broker up to version 1.4.15 does not reject stri ... |
| CVE-2017-7652 | In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running wi ... |
| CVE-2017-7651 | In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server ... |
| CVE-2017-7650 | In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clie ... |