Lucene search
K

170 matches found

OSV
OSV
added 6 days ago4 views

BIT-ACTIVEMQ-2026-53917 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-53917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An...

7.5CVSS6AI score0.00796EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 5:53 p.m.8 views

CVE-2026-53917

A flaw was found in Apache ActiveMQ. An authenticated user can exploit this vulnerability by sending a specially crafted OpenWire Message with an excessively large encoded size value for the message property map. This lack of size validation during unmarshaling can lead to an out-of-memory error,...

7.5CVSS5.6AI score0.00796EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:16 a.m.3 views

DEBIAN-CVE-2026-53917

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...

7.5CVSS5.7AI score0.00796EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:16 a.m.8 views

CVE-2026-53917

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...

7.5CVSS0.00796EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.4 views

UBUNTU-CVE-2026-53917

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...

7.5CVSS5.8AI score0.00796EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 9:53 a.m.39 views

CVE-2026-50734 Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes t...

0.00796EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 9:53 a.m.13 views

CVE-2026-50734

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, and Apache ActiveMQ All allows an unauthenticated network attacker to cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The broker may allocate memor...

7.5CVSS5.7AI score0.00796EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 9:51 a.m.39 views

CVE-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

0.00707EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 9:49 a.m.37 views

CVE-2026-53917 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...

0.00796EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 9:49 a.m.8 views

EUVD-2026-40277

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...

7.5CVSS5.7AI score0.00796EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 9:49 a.m.12 views

CVE-2026-53917

CVE-2026-53917 describes an unbounded memory allocation vulnerability in OpenWire property unmarshalling in Apache ActiveMQ and related builds. An authenticated user can send a crafted OpenWire Message with a very large encoded size value for a message property map, causing OpenWire maps to be un...

7.5CVSS5.7AI score0.00796EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53845

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Apache ActiveMQ All versions prior to 5.19.8 Apache ActiveMQ All versions 6.0.0 through 6.2.6 Apache ActiveMQ Client versions prior to 5.19.8 Apache ActiveMQ...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References9
OSV
OSV
added 2026/06/23 5:6 p.m.15 views

ROOT-APP-MAVEN-CVE-2025-27533 CVE-2025-27533 in io.root.org.apache.activemq:activemq-openwire-legacy - Patched by Root

Root has patched CVE-2025-27533 in the io.root.org.apache.activemq:activemq-openwire-legacy package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.9AI score0.08453EPSS
Exploits2
Veracode
Veracode
added 2026/03/28 5:5 a.m.8 views

Incorrect Authorization

Apache Artemis is vulnerable to Incorrect Authorization. The vulnerability is due to incorrect authorization, where an authenticated user with the 'createDurableQueue' permission but without the 'createAddress' permission can create a temporary address when attempting to create a non-durable JMS...

4.3CVSS5.2AI score0.0047EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32642

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to crea...

4.3CVSS5.8AI score0.0047EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/24 9:30 a.m.6 views

org.apache.artemis:apache-artemis (>=2.50.0 <=2.52.0), org.apache.artemis:artemis-features (>=2.50.0 <=2.52.0) +1 more potentially affected by CVE-2026-32642 via org.apache.artemis:artemis-openwire-protocol (>=2.50.0 <=2.52.0)

org.apache.artemis:artemis-openwire-protocol MAVEN version =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.52.0 Source cves: CVE-2026-32642 Source advisory: SNYK:JAVA-ORGAPACHEARTEMIS-15791525...

4.3CVSS5.8AI score0.0047EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/24 9:30 a.m.9 views

com.io7m.jsay:com.io7m.jsay (=0.0.2), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +5 more potentially affected by CVE-2026-32642 via org.apache.activemq:artemis-openwire-protocol (>=2.0.0 <=2.4.0)

org.apache.activemq:artemis-openwire-protocol MAVEN version =2.0.0, =1.14.2, =0.1.0, =0.1.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-32642 Source advisory: OSV:GHSA-F4GC-MWRG-Q36R...

4.3CVSS5.8AI score0.0047EPSS
Exploits0
OSV
OSV
added 2026/03/24 9:30 a.m.6 views

GHSA-F4GC-MWRG-Q36R Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3CVSS5.8AI score0.0047EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/24 9:30 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempts to create a non-durable JMS topic subscription on a non-existent addres...

4.3CVSS5.9AI score0.0047EPSS
Exploits0References2
Rows per page
Query Builder