
19 matches found

ATTACKERKB
added 2026/03/24 8:55 p.m., 4 views

CVE-2026-33215

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can be hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

CVSS 6.5, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 3, Affected Software: 1
Hacker One
added 2026/01/30 7:5 a.m., 36 views

curl: MQTT Protocol Packet Injection via Unchecked CONNACK Remaining Length

I'm not sure if this is a vulnerability or intended behavior, but I noticed that curl MQTT implementation accepts CONNACK packets with Remaining Length values greater than 2, which appears to violate the MQTT v3.1.1 specification. According to the MQTT spec, CONNACK packets should have a Remainin...

AI score 5.9
Exploits: 0
OSV
added 2026/01/22 1:47 p.m., 2 views

OPENSUSE-SU-2026:20082-1 Security update for rabbitmq-server

This update for rabbitmq-server fixes the following issues: Changes in rabbitmq-server: Update to 4.1.5: Highlights - Khepri, an alternative schema data store developed to replace Mnesia, has matured and is now fully supported (it previously was an experimental feature) - AMQP 1.0 is now a core...

CVSS 6.1, AI score 5.8, EPSS 0.00023
Exploits: 0, References: 2
NCSC
added 2021/06/11 12:0 a.m., 1 views

Vulnerability fixed in RabbitMQ

A vulnerability has been fixed in RabbitMQ. A malicious party could potentially exploit the vulnerability to cause a denial-of-service by sending a rogue AMQP message to the RabbitMQ server that can receive AMQP 1.0 messages. VMware Tanzu has released updates to fix the vulnerability fix in...

CVSS 7.5, AI score 6.8, EPSS 0.01026
Exploits: 0
OSV
added 2018/10/16 7:49 p.m., 0 views

GHSA-Q66C-H853-GQW2 AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging...

CVSS 9.1, AI score 5.9, EPSS 0.0039
Exploits: 0, References: 7
OSV
added 2018/08/01 6:29 a.m., 1 views

CVE-2018-11050

Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An...

CVSS 8.8, AI score 5.8, EPSS 0.00337
Exploits: 0, References: 3
CNVD
added 2018/05/10 12:0 a.m., 1 views

Microsoft Azure IoT SDK Man-in-the-Middle Spoofing Vulnerability

Microsoft C#, C and Java SDK for Azure IoT is a software development kit for developing Azure IoT (Internet of Things) platform applications based on the C#, C and Java languages, respectively, from Microsoft Corporation, USA. A security vulnerability exists in the Microsoft C#, C and Java SDK for Azu...

CVSS 6.8, AI score 6.8, EPSS 0.01077
Exploits: 0, References: 1
OSV
added 2018/05/09 7:29 p.m., 2 views

CVE-2018-8119

A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK...

CVSS 5.6, AI score 5.8, EPSS 0.01077
Exploits: 0, References: 3
OSV
added 2017/11/07 4:29 p.m., 2 views

DEBIAN-CVE-2017-2893

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet ove...

CVSS 7.5, AI score 6.9, EPSS 0.05265
Exploits: 2, References: 1
OSV
added 2017/07/18 9:29 p.m., 1 views

DEBIAN-CVE-2017-11408

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection...

CVSS 7.5, AI score 7.4, EPSS 0.006
Exploits: 0, References: 1
OSV
added 2017/07/18 9:29 p.m., 0 views

UBUNTU-CVE-2017-11408

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection...

CVSS 7.5, AI score 7.1, EPSS 0.006
Exploits: 0, References: 4
Kitploit
added 2017/03/09 2:40 p.m., 191 views

IntelMQ - A solution for IT security teams for collecting and processing security feeds using a message queuing protocol

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments,...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by...

AI score 7.5
Exploits: 0, References: 3
CNVD
added 2016/12/23 12:0 a.m., 1 views

Pivotal Software RabbitMQ and RabbitMQ for PCF Security Bypass Vulnerability

Pivotal Software RabbitMQ and RabbitMQ for PCF are both products of the American company Pivotal Software. The former is a set of open source message broker software that implements the Advanced Message Queuing Protocol (AMQP), and the latter is an open source messaging server used to support data...

CVSS 9.8, AI score 7, EPSS 0.002
Exploits: 0, References: 1
RedHat Linux
added 2015/07/21 10:14 a.m., 1 views

wireshark: AMQP dissector crash (wnpa-sec-2014-21)

Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp010 PDU in a packet...

CVSS 5, AI score 5.9, EPSS 0.02328
Exploits: 0, References: 5
RedHat Linux
added 2015/03/09 1:49 p.m., 2 views

qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling

A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...

CVSS 6.5, AI score 5.7, EPSS 0.16987
Exploits: 0, References: 4
RedHat Linux
added 2015/03/09 1:39 p.m., 1 views

qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)

A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...

CVSS 7.5, AI score 5.7, EPSS 0.5601
Exploits: 0, References: 4
RedHat Linux
added 2010/10/14 4:9 p.m., 1 views

qpid: crash on receipt of invalid AMQP data

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data...

CVSS 5, AI score 5.9, EPSS 0.01611
Exploits: 0, References: 4
RedHat Linux
added 2010/10/14 3:53 p.m., 1 views

qpid: crash on receipt of invalid AMQP data

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data...

CVSS 5, AI score 5.9, EPSS 0.01611
Exploits: 0, References: 4
RedHat Linux
added 2010/10/08 1:48 a.m., 33 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Messaging security and bug fix update 1.2.2

Updated Red Hat Enterprise MRG Messaging packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, whic...

CVSS 4.3, AI score 5.8, EPSS 0.01785
Exploits: 0, References: 11