Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qpid vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-4432
The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java prior to 6.0.3 might allow remote malicious users to bypass authentication and consequently perform actions via vectors related to connection state logging.
Apache Qpid Broker-j
4.3
CVSSv2
CVE-2018-1298
A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated malicious user to crash t...
Apache Qpid Broker-j 7.0.0
5.8
CVSSv2
CVE-2016-2166
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton prior to 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-mid...
Apache Qpid Proton
Fedoraproject Fedora 23
4.3
CVSSv2
CVE-2010-3083
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG prior to 1.2.2 and other products, when SSL is enabled, allows remote malicious users to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handsh...
Apache Qpid 0.6
Apache Qpid 0.5
Redhat Enterprise Mrg
Redhat Enterprise Mrg 1.1.2
Redhat Enterprise Mrg 1.0.3
Redhat Enterprise Mrg 1.1.1
Redhat Enterprise Mrg 1.0.2
Redhat Enterprise Mrg 1.0.1
Redhat Enterprise Mrg 1.0
4
CVSSv2
CVE-2009-5006
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid prior to 0.6, as used in Red Hat Enterprise MRG prior to 1.3 and other products, allows remote authenticated users to cause a denial of service...
Apache Qpid
Redhat Enterprise Mrg 1.2
Redhat Enterprise Mrg 1.0.2
Redhat Enterprise Mrg 1.1.2
Redhat Enterprise Mrg 1.0.3
Redhat Enterprise Mrg 1.0
Redhat Enterprise Mrg
Redhat Enterprise Mrg 1.0.1
Redhat Enterprise Mrg 1.1.1
5
CVSSv2
CVE-2009-5005
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG prior to 1.3 and other products, allows remote malicious users to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
Apache Qpid
Redhat Enterprise Mrg 1.0.2
Redhat Enterprise Mrg 1.1.2
Redhat Enterprise Mrg 1.0.3
Redhat Enterprise Mrg 1.1.1
Redhat Enterprise Mrg 1.0
Redhat Enterprise Mrg 1.2
Redhat Enterprise Mrg
Redhat Enterprise Mrg 1.0.1
5.8
CVSSv2
CVE-2019-0223
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenS...
Apache Qpid
Redhat Jboss Amq Clients 2 -
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 6.6
Redhat Enterprise Linux Eus 6.7
Redhat Enterprise Linux Server Aus 6.5
Redhat Enterprise Linux Server Aus 6.4
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.3
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Tus 7.4
Redhat Enterprise Linux Eus 7.3
Redhat Enterprise Linux Eus 7.4
Redhat Enterprise Linux Eus 7.5
Redhat Satellite 6.3
1 Github repository
7.5
CVSSv2
CVE-2004-1531
SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 up to and including 2.0.2 allows remote malicious users to execute arbitrary SQL commands via the qpid parameter.
Invision Power Services Invision Board 2.0.1
Invision Power Services Invision Board 2.0.2
Invision Power Services Invision Board 2.0
1 EDB exploit
5.2
CVSSv2
CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or C...
Redhat Satellite
4.3
CVSSv2
CVE-2013-6491
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo prior to 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote malicious users to obtain sensitive information by sniffing the network.
Redhat Openstack 3.0
Openstack Oslo
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »