Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache qpid vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2017-15702
In Apache Qpid Broker-J 0.18 up to and including 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using a...
Apache Qpid Broker-j
668
VMScore
CVE-2011-3620
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote malicious users to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
Apache Qpid 0.12
605
VMScore
CVE-2012-4446
The default configuration for Apache Qpid 0.20 and previous versions, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote malicious users to bypass authentication and have other unspecified impact via an ...
Apache Qpid 0.7
Apache Qpid 0.6
Apache Qpid 0.5
Apache Qpid 0.16
Apache Qpid 0.15
Apache Qpid 0.14
Apache Qpid 0.13
Apache Qpid 0.19
Apache Qpid 0.17
Apache Qpid 0.12
Apache Qpid 0.10
Apache Qpid 0.8
Apache Qpid
Apache Qpid 0.18
Apache Qpid 0.11
Apache Qpid 0.9
516
VMScore
CVE-2019-0223
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenS...
Apache Qpid
Redhat Jboss Amq Clients 2 -
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 6.6
Redhat Enterprise Linux Eus 6.7
Redhat Enterprise Linux Server Aus 6.5
Redhat Enterprise Linux Server Aus 6.4
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.3
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Tus 7.4
Redhat Enterprise Linux Eus 7.3
Redhat Enterprise Linux Eus 7.4
Redhat Enterprise Linux Eus 7.5
Redhat Satellite 6.3
1 Github repository
516
VMScore
CVE-2018-17187
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a ...
Apache Qpid Proton-j
516
VMScore
CVE-2016-2166
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton prior to 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-mid...
Apache Qpid Proton
Fedoraproject Fedora 23
516
VMScore
CVE-2013-1909
The Python client in Apache Qpid prior to 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitra...
Redhat Enterprise Mrg 2.0
Apache Qpid 0.11
Apache Qpid 0.12
Apache Qpid 0.13
Apache Qpid 0.14
Apache Qpid 0.16
Apache Qpid 0.18
Apache Qpid
Apache Qpid 0.19
Apache Qpid 0.5
Apache Qpid 0.6
Apache Qpid 0.7
Apache Qpid 0.8
Apache Qpid 0.10
Apache Qpid 0.15
Apache Qpid 0.17
Apache Qpid 0.9
445
VMScore
CVE-2021-29923
Go prior to 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows malicious users to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.P...
Golang Go
Oracle Timesten In-memory Database
Fedoraproject Fedora 36
1 Github repository
445
VMScore
CVE-2014-0212
qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors
Apache Qpid-cpp -
445
VMScore
CVE-2019-0200
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated malicious user to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, ...
Apache Qpid Broker-j
Apache Qpid Broker-j 7.1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »