Vulnerabilities
Vulnerable Software
Emqx:  Security Vulnerabilities
A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue.
CVSS Score
5.3
EPSS Score
0.005
Published
2024-11-07
An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.005
Published
2024-09-12
A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams.
CVSS Score
6.8
EPSS Score
0.003
Published
2024-04-22
Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams.
CVSS Score
2.7
EPSS Score
0.006
Published
2024-04-17
Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-04-17
nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.
CVSS Score
6.5
EPSS Score
0.006
Published
2024-02-26
An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file.
CVSS Score
6.5
EPSS Score
0.007
Published
2023-07-17
NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages.
CVSS Score
7.8
EPSS Score
0.005
Published
2023-06-12
NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-06-12
A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack.
CVSS Score
7.5
EPSS Score
0.01
Published
2023-06-08


Contact Us

Shodan ® - All rights reserved