Emqx

emqx

39 CVEs • 5 products

Products (5)

Click to collapse

Toggle

CVEs (39)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-10964 1Emqx 1Neuron Nov 26, 2024 Nov 7, 2024 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads...Show more A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.Show less
CVE-2024-44460 1Emqx 1Nanomq Oct 30, 2024 Sep 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).
CVE-2024-31036 1Emqx 1Nanomq Jun 10, 2025 Apr 22, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams.
CVE-2024-31041 1Emqx 1Nanomq Jun 10, 2025 Apr 17, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service.
CVE-2024-31040 1Emqx 1Nanomq Jun 10, 2025 Apr 17, 2024 N/A· v4 2.7 LOW· v3 N/A· v2 Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams.
CVE-2024-25767 1Emqx 1Nanomq May 1, 2025 Feb 26, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.
CVE-2023-37781 1Emqx 1Emqx Nov 21, 2024 Jul 17, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file.
CVE-2023-34494 1Emqx 1Nanomq Nov 21, 2024 Jun 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.
CVE-2023-34488 1Emqx 1Nanomq Sep 24, 2025 Jun 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages.
CVE-2023-33657 1Emqx 1Nanomq Jan 6, 2025 Jun 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data...Show more A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack.Show less
CVE-2023-33660 1Emqx 1Nanomq Jan 6, 2025 Jun 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a deni...Show more A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.Show less
CVE-2023-33658 1Emqx 1Nanomq Jan 6, 2025 Jun 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause...Show more A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack.Show less
CVE-2023-33659 1Emqx 1Nanomq Jan 8, 2025 Jun 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cau...Show more A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.Show less
CVE-2023-33656 1Emqx 1Nanomq Jan 10, 2025 May 30, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume...Show more A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources.Show less
CVE-2023-29996 1Emqx 1Nanomq Jan 29, 2025 May 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode.
CVE-2023-29995 1Emqx 1Nanomq Jan 29, 2025 May 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c
CVE-2023-29994 1Emqx 1Nanomq Jan 29, 2025 May 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c.
CVE-2021-46434 1Emqx 1Emqx Nov 21, 2024 Mar 28, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attac...Show more EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was validShow less
CVE-2021-33175 1Emqx 1Emq X Broker Nov 21, 2024 Jun 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume larg...Show more EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.Show less