79 matches found
EUVD-2017-14081
Malware in sbrugna...
EUVD-2018-11898
Malware in sbrugna...
EUVD-2019-2969
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-1279
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster....
Pivotal RabbitMQ 3.8.x < 3.8.16 Code Execution
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. A malicious actor can execute arbitrary code on the running RabbitMQ server by adding arbitrary...
GHSA-HRFH-7J5F-8CCR Pivotal RabbitMQ is vulnerable to a denial of service attack
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be...
GHSA-9PF7-F47Q-MWPQ Cross-site Scripting in RabbitMQ
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...
RabbitMQ < 3.8.18 XSS
Pivotal RabbitMQ versions prior to 3.8.18 are affected by a cross-site scripting XSS vulnerability in the rabbitmqfederationmanagement plugin due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user ...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : RabbitMQ vulnerabilities (USN-5004-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5004-1 advisory. It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial o...
Pivotal RabbitMQ 3.8.x < 3.8.16 DoS
Pivotal RabbitMQ versions 3.8.x prior to 3.8.16 are affected by a denial of service DoS vulnerability due to improper input validation. A remote attacker can exploit this by sending malicious AMQP messages in order to cause a crash. Note that Nessus has not tested for these issues but has instead...
Pivotal RabbitMQ < 3.7.18 Cross Site Scripting (XSS) Vulnerability
According to its self-reported version, the version of Pivotal RabbitMQ running on the remote web server is prior to 3.7.18. It is, therefore, affected by cross site scripting XSS vulnerability. A cross-site scripting XSS vulnerability exists in two components, the virtual host limits page, and t...
Pivotal RabbitMQ < 3.3.4 Security Bypass Vulnerability
According to its self-reported version, the version of Pivotal RabbitMQ running on the remote web server is prior to 3.3.4. It is, therefore, affected by security bypass vulnerability. An unauthenticated, remote attacker could bypass security restrictions, caused by the improper handling of...
Pivotal RabbitMQ 3.7.x < 3.7.20 / 3.8.x < 3.8.1 Cross Site Scripting (XSS)
Pivotal RabbitMQ, 3.7 versions prior to 3.7.20 and 3.8 version prior to 3.8.1, contain two endpoints, federation and shovel, which do not properly sanitize user input. An authenticated, remote attacker with administrative access could craft a cross site scripting attack via the vhost or node name...
Pivotal RabbitMQ 3.7.x < 3.7.21 / 3.8.x < 3.8.1 Denial of Service
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The 'X-Reason' HTTP Header can be...
Pivotal Software RabbitMQ Cross-Site Scripting Vulnerability
Pivotal Software RabbitMQ is the United States Pivotal Software, Inc. of a set of implementation of the Advanced Message Queuing Protocol AMQP open source message broker software. A cross-site scripting vulnerability exists in Pivotal Software RabbitMQ. The vulnerability stems from a lack of prop...
CVE-2019-11287
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be...
CVE-2019-11287
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be...
CVE-2019-11287
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be...
Format string
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be...
CVE-2019-11287
CVE-2019-11287 affects Pivotal RabbitMQ and RabbitMQ for Pivotal Platform web management plugin. Versions 3.7.x before 3.7.21, 3.8.x before 3.8.1, and 1.16.x before 1.16.7 and 1.17.x before 1.17.4 are vulnerable. The vulnerability allows a crafted X-Reason HTTP header to inject a malicious Erlang...