Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qpid vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2015-5164
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.
Pulpproject Qpid -
5
CVSSv2
CVE-2014-0212
qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors
Apache Qpid-cpp -
7.5
CVSSv2
CVE-2011-3620
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote malicious users to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
Apache Qpid 0.12
4.3
CVSSv2
CVE-2014-3629
XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote malicious users to cause outgoing HTTP connections via a crafted message.
Apache Qpid 0.30
5
CVSSv2
CVE-2017-15701
In Apache Qpid Broker-J versions 6.1.0 up to and including 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually termi...
Apache Qpid Broker-j
5.8
CVSSv2
CVE-2018-17187
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a ...
Apache Qpid Proton-j
4.3
CVSSv2
CVE-2016-3094
PlainSaslServer.java in Apache Qpid Java prior to 6.0.3, when the broker is configured to allow plaintext passwords, allows remote malicious users to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.
Apache Qpid Broker-j
4
CVSSv2
CVE-2009-5004
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use .
Apache Qpid-cpp 1.0
5
CVSSv2
CVE-2018-8030
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP prot...
Apache Qpid Broker-j
7.5
CVSSv2
CVE-2017-15702
In Apache Qpid Broker-J 0.18 up to and including 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using a...
Apache Qpid Broker-j
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »