Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qpid vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-15701
In Apache Qpid Broker-J versions 6.1.0 up to and including 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually termi...
Apache Qpid Broker-j
7.2
CVSSv3
CVE-2015-5164
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.
Pulpproject Qpid -
7.5
CVSSv3
CVE-2016-8741
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It exists that these AuthenticationProviders in Apache Qpid Br...
Apache Qpid Broker-j 6.0.1
Apache Qpid Broker-j 6.0.2
Apache Qpid Broker-j 6.0.3
Apache Qpid Broker-j 6.0.4
Apache Qpid Broker-j 6.0.5
Apache Qpid Broker-j 6.1.0
5.9
CVSSv3
CVE-2016-4467
The C client and C-based client bindings in the Apache Qpid Proton library prior to 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChan...
Apache Qpid Proton 0.12.0
Apache Qpid Proton 0.12.1
Apache Qpid Proton 0.13.0
Apache Qpid Proton 0.11.1
Apache Qpid Proton 0.11.0
Apache Qpid Proton 0.10.0
Apache Qpid Proton 0.9.1
Apache Qpid Proton 0.12.2
Apache Qpid Proton 0.9.0
Apache Qpid Proton 0.8.0
9.1
CVSSv3
CVE-2016-4432
The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java prior to 6.0.3 might allow remote malicious users to bypass authentication and consequently perform actions via vectors related to connection state logging.
Apache Qpid Broker-j
5.9
CVSSv3
CVE-2016-3094
PlainSaslServer.java in Apache Qpid Java prior to 6.0.3, when the broker is configured to allow plaintext passwords, allows remote malicious users to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.
Apache Qpid Broker-j
6.5
CVSSv3
CVE-2016-2166
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton prior to 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-mid...
Apache Qpid Proton
Fedoraproject Fedora 23
NA
CVE-2014-3629
XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote malicious users to cause outgoing HTTP connections via a crafted message.
Apache Qpid 0.30
NA
CVE-2013-6491
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo prior to 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote malicious users to obtain sensitive information by sniffing the network.
Redhat Openstack 3.0
Openstack Oslo
NA
CVE-2013-1909
The Python client in Apache Qpid prior to 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitra...
Redhat Enterprise Mrg 2.0
Apache Qpid 0.11
Apache Qpid 0.12
Apache Qpid 0.13
Apache Qpid 0.14
Apache Qpid 0.16
Apache Qpid 0.18
Apache Qpid
Apache Qpid 0.19
Apache Qpid 0.5
Apache Qpid 0.6
Apache Qpid 0.7
Apache Qpid 0.8
Apache Qpid 0.10
Apache Qpid 0.15
Apache Qpid 0.17
Apache Qpid 0.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »