songxpu

8 exploits Active since Dec 2022
CVE-2022-43272 WRITEUP HIGH WRITEUP
DCMTK <3.6.7 - Memory Corruption
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
CVSS 7.5
CVE-2024-42644 WRITEUP HIGH WRITEUP
FlashMQ v1.14.0 - Info Disclosure
FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of the publish object is greater than 0.
CVSS 7.5
CVE-2024-42645 WRITEUP HIGH WRITEUP
FlashMQ 1.14.0 - DoS
An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS).
CVSS 7.5
CVE-2024-42646 WRITEUP HIGH WRITEUP
NanoMQ <0.21.10 - DoS
A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages.
CVSS 7.5
CVE-2024-42648 WRITEUP MEDIUM WRITEUP
NanoMQ <0.22.10 - DoS
NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.
CVSS 6.5
CVE-2024-42649 WRITEUP MEDIUM WRITEUP
NanoMQ <0.22.10 - DoS
NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
CVSS 6.5
CVE-2024-42651 WRITEUP HIGH WRITEUP
NanoMQ <0.17.9 - Use After Free
NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message.
CVSS 7.5
CVE-2024-42655 WRITEUP HIGH WRITEUP
NanoMQ <0.21.10 - Auth Bypass
An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters.
CVSS 8.8