How severe is CVE-2018-12550?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2018-12550?

This is classified as CWE-440, which is a common weakness in software security.

CVE-2018-12550

HIGH Year: 2018

CVSS v3 Score

8.1

High

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-440

View all →

Vulnerability Description

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.

CVE-2023-4807

HIGH

CVSS:7.8(High)

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_6...

CWE-4402023

CVE-2022-3281

HIGH

CVSS:7.5(High)

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote...

CWE-4402022

CVE-2023-32731

HIGH

CVSS:7.5(High)

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of...

CWE-4402023

CVE-2019-5061

HIGH

CVSS:7.4(High)

An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has ...

CWE-4402019

CVE-2019-5062

HIGH

CVSS:7.4(High)

An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association,...

CWE-4402019

CVE-2019-5108

HIGH

CVSS:7.4(High)

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for station...

CWE-4402019

CVE-2018-12550

Vulnerability Description

Related Vulnerabilities

CVE-2023-4807

CVE-2022-3281

CVE-2023-32731

CVE-2019-5061

CVE-2019-5062

CVE-2019-5108