songxpu/bug_report

Releases0

Stars3

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-42655 ↗	Jul 29, 2025Tuesday, 29 July 2025, 19:15	8.8 HIGH	—
An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters.
CVE-2024-42651 ↗	Jul 29, 2025Tuesday, 29 July 2025, 19:15	7.5 HIGH	—
NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message.
CVE-2024-42644 ↗	Jul 29, 2025Tuesday, 29 July 2025, 14:15	7.5 HIGH	—
FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of the publish object is greater than 0.
CVE-2024-42645 ↗	Jul 29, 2025Tuesday, 29 July 2025, 14:15	7.5 HIGH	—
An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS).
CVE-2024-42649 ↗	Jul 14, 2025Monday, 14 July 2025, 17:15	6.5 MEDIUM	—
NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
CVE-2024-42646 ↗	Jul 14, 2025Monday, 14 July 2025, 17:15	7.5 HIGH	—
A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages.
CVE-2024-42648 ↗	Jul 14, 2025Monday, 14 July 2025, 17:15	6.5 MEDIUM	—
NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.
CVE-2022-43272 ↗	Dec 2, 2022Friday, 2 December 2022, 16:15	7.5 HIGH	—
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.