Filtered by vendor Emqx
Subscribe
Total
16 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-10964 | 1 Emqx | 1 Neuron | 2024-11-26 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
CVE-2024-10965 | 1 Emqx | 1 Neuron | 2024-11-23 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue. | |||||
CVE-2023-37781 | 1 Emqx | 1 Emqx | 2024-11-21 | N/A | 6.5 MEDIUM |
An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file. | |||||
CVE-2023-34494 | 1 Emqx | 1 Nanomq | 2024-11-21 | N/A | 7.5 HIGH |
NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c. | |||||
CVE-2023-34488 | 1 Emqx | 1 Nanomq | 2024-11-21 | N/A | 7.8 HIGH |
NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handler function of mqtt_parser.c when it processes malformed messages. | |||||
CVE-2023-33660 | 1 Emqx | 1 Nanomq | 2024-11-21 | N/A | 7.5 HIGH |
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. | |||||
CVE-2023-33659 | 1 Emqx | 1 Nanomq | 2024-11-21 | N/A | 7.5 HIGH |
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. | |||||
CVE-2023-33658 | 1 Emqx | 1 Nanomq | 2024-11-21 | N/A | 7.5 HIGH |
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack. | |||||
CVE-2023-33657 | 1 Emqx | 1 Nanomq | 2024-11-21 | N/A | 7.5 HIGH |
A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack. | |||||
CVE-2023-33656 | 1 Emqx | 1 Nanomq | 2024-11-21 | N/A | 5.5 MEDIUM |
A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources. | |||||
CVE-2023-29996 | 1 Emqx | 1 Nanomq | 2024-11-21 | N/A | 7.5 HIGH |
In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. | |||||
CVE-2023-29995 | 1 Emqx | 1 Nanomq | 2024-11-21 | N/A | 7.5 HIGH |
In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c | |||||
CVE-2023-29994 | 1 Emqx | 1 Nanomq | 2024-11-21 | N/A | 7.5 HIGH |
In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. | |||||
CVE-2021-46434 | 1 Emqx | 1 Emqx | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid. | |||||
CVE-2021-33175 | 1 Emqx | 1 Emq X Broker | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system. | |||||
CVE-2024-44460 | 1 Emqx | 1 Nanomq | 2024-10-30 | N/A | 7.5 HIGH |
An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS). |