Lucene search
K

591 matches found

OSV
OSV
added 2026/06/25 12:3 p.m.2 views

RLSA-2023:6482 Moderate: librabbitmq security update

The librabbitmq packages provide an Advanced Message Queuing Protocol AMQP client library that allows you to communicate with AMQP servers using protocol version 0-9-1. Security Fixes: rabbitmq-c/librabbitmq: Insecure credentials submission CVE-2023-35789 For more details about the security issue...

5.1CVSS6.1AI score0.00214EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:11 p.m.6 views

OESA-2026-2713 librabbitmq security update

This is a C-language AMQP client library for use with AMQP servers speaking protocol versions 0-9-1. Security Fixes: CVE-2026-44235 CVE-2026-44236...

5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/06/10 1:13 a.m.8 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness via the sendAndReceive function when using a fixed reply queue, due to correlation IDs being generated sequentially by an internal counter. An attacker can intercept or inject unauthorized replies by predicting...

4.4CVSS5.3AI score0.00173EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:31 a.m.12 views

EUVD-2026-35895

Correlation IDs for replies in the RabbitTemplate.sendAndReceive with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17...

4.4CVSS5.5AI score0.00173EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.11 views

CVE-2026-41714

Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri"amqps://..." without also calling setUseSSLtrue get TLS encryption with no certificate validation and no hostname verification. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1....

4CVSS0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:48 p.m.39 views

CVE-2026-41714 In Spring AMQP the RabbitConnectionFactoryBean.setUri("amqps://...") bypasses secure SSL setup, uses TrustEverythingTrustManager

Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri"amqps://..." without also calling setUseSSLtrue get TLS encryption with no certificate validation and no hostname verification. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1....

4CVSS0.00132EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 p.m.8 views

CVE-2026-41714 In Spring AMQP the RabbitConnectionFactoryBean.setUri("amqps://...") bypasses secure SSL setup, uses TrustEverythingTrustManager

Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri"amqps://..." without also calling setUseSSLtrue get TLS encryption with no certificate validation and no hostname verification. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1....

4CVSS5.4AI score0.00132EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.8 views

CVE-2026-41701 In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues

Correlation IDs for replies in the RabbitTemplate.sendAndReceive with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17...

4.4CVSS5.5AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:47 p.m.36 views

CVE-2026-41701

CVE-2026-41701 affects Spring AMQP (RabbitTemplate) where correlation IDs for replies on fixed reply queues are generated by an internal simple counter, making them predictable. This data from NVD/CVE listings confirms the issue affects multiple versions (2.4.0–2.4.17, 3.1.0–3.1.15, 3.2.0–3.2.10,...

4.4CVSS5.5AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:47 p.m.42 views

CVE-2026-41701 In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues

Correlation IDs for replies in the RabbitTemplate.sendAndReceive with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17...

4.4CVSS0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48317

Name of the Vulnerable Software and Affected Versions Spring AMQP versions 4.0.0 through 4.0.3 Spring AMQP versions 3.2.0 through 3.2.10 Spring AMQP versions 3.1.0 through 3.1.15 Spring AMQP versions 2.4.0 through 2.4.17 Description Applications that configure their broker connection using the...

4CVSS5.8AI score0.00132EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.10 views

CVE-2026-41701: In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues

Correlation IDs for replies in the RabbitTemplate.sendAndReceive with the fixed reply queue are predictable due to internal simple counter...

4.4CVSS5.8AI score0.00173EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/05/19 12:0 a.m.8 views

Spring Office Hours Podcast: S5E16 - May Release Train Shift & What's Coming in Spring Boot 4.1

Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun break down the recently announced shift of the May release train from May 11-22 to June 1-5, and what that means for your upgrade planning across the Spring portfolio. They also dig...

5.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.12 views

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

9.8CVSS6.4AI score0.00881EPSS
Exploits2References6
vulnersOsv
vulnersOsv
added 2026/05/07 6:31 a.m.9 views

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +2 more potentially affected by CVE-2026-41004 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-41004 Source advisory: OSV:GHSA-J6HH-H3CF-C2HF...

4.4CVSS5.8AI score0.00168EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/06 12:0 a.m.11 views

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +3 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40982 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-16439043...

9.1CVSS5.8AI score0.00727EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/06 12:0 a.m.7 views

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +3 more potentially affected by CVE-2026-41004 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-41004 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-16439025...

4.4CVSS5.8AI score0.00168EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.14 views

Wireshark 2.0.x < 2.0.14 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 2.0.14. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.0.14 advisory. - In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system...

7.8CVSS5.8AI score0.03343EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.6 views

Wireshark 2.0.x < 2.0.14 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.0.14. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.0.14 advisory. - In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust...

7.8CVSS6.9AI score0.03343EPSS
Exploits0References23
vulnersOsv
vulnersOsv
added 2026/04/07 6:4 p.m.7 views

@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.12) +6 more potentially affected by CVE-2026-34148 via @fedify/fedify (>=1.10.0 <=1.9.2)

@fedify/fedify NPM version =1.10.0, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.2.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2026-34148 Source advisory: SNYK:JS-FEDIFYFEDIFY-15928876...

7.5CVSS5.8AI score0.00551EPSS
Exploits1
Rows per page
Query Builder