Lucene search
K

538 matches found

RedHat Linux
RedHat Linux
added 2012/04/30 5:40 p.m.5 views

qpid-cpp: cluster authentication ignores cluster-* settings

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...

7.5CVSS5.9AI score0.0531EPSS
Exploits1References4
NVD
NVD
added 2010/10/18 5:0 p.m.34 views

CVE-2009-5005

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...

5CVSS6.6AI score0.05927EPSS
Exploits0References7
Prion
Prion
added 2010/10/18 5:0 p.m.18 views

Code injection

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...

5CVSS7.1AI score0.05927EPSS
Exploits0References7Affected Software2
ATTACKERKB
ATTACKERKB
added 2010/10/18 5:0 p.m.2 views

CVE-2009-5005

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...

5CVSS5.6AI score0.05927EPSS
Exploits0References8
Cvelist
Cvelist
added 2010/10/18 4:0 p.m.30 views

CVE-2009-5005

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...

6.6AI score0.05927EPSS
Exploits0References7
Cvelist
Cvelist
added 2010/10/18 4:0 p.m.32 views

CVE-2009-5006

The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service NULL pointer...

6.2AI score0.04086EPSS
Exploits0References8
CVE
CVE
added 2010/10/18 4:0 p.m.64 views

CVE-2009-5006

Apache Qpid's broker (C++ SessionAdapter::ExchangeHandlerImpl::checkAlternate) before version 0.6, used in Red Hat Enterprise MRG before 1.3, is affected. A remote authenticated user can trigger a NULL pointer dereference by attempting to redeclare an existing exchange while adding an alternate e...

4CVSS6.4AI score0.04086EPSS
Exploits0References8Affected Software2
CVE
CVE
added 2010/10/18 4:0 p.m.68 views

CVE-2009-5005

CVE-2009-5005 affects Apache Qpid used in Red Hat Enterprise MRG Messaging and Grid before version 1.3. The vulnerability is in Cluster::deliveredEvent handling of AMQP data, allowing a remote attacker to trigger a denial of service (daemon crash and cluster outage) through invalid AMQP data. Red...

5CVSS6.8AI score0.05927EPSS
Exploits0References7Affected Software2
RedHat Linux
RedHat Linux
added 2010/10/14 4:9 p.m.7 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Messaging and Grid Version 1.3

Updated packages that fix two security issues, several bugs, and add multiple enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise MRG Messaging and Grid for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as havi...

5CVSS5.8AI score0.05927EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2010/10/14 4:9 p.m.4 views

qpid: crash on receipt of invalid AMQP data

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...

5CVSS5.9AI score0.05927EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/10/14 3:53 p.m.6 views

qpid: crash when redeclaring the exchange with specified alternate_exchange

The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service NULL pointer...

4CVSS5.8AI score0.04086EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/10/14 3:53 p.m.6 views

qpid: crash on receipt of invalid AMQP data

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...

5CVSS5.9AI score0.05927EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/10/14 3:53 p.m.228 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Messaging and Grid Version 1.3

Updated packages that fix two security issues, several bugs, and add multiple enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise MRG Messaging and Grid for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as havi...

5CVSS5.8AI score0.05927EPSS
Exploits0References193
Prion
Prion
added 2010/10/12 9:0 p.m.19 views

Design/Logic Flaw

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service daemon outage by connecting to the SSL port but not participating in an SSL handshake...

4.3CVSS7.1AI score0.04711EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2010/10/12 8:0 p.m.35 views

CVE-2010-3083

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service daemon outage by connecting to the SSL port but not participating in an SSL handshake...

6.6AI score0.04711EPSS
Exploits0References6
CVE
CVE
added 2010/10/12 8:0 p.m.64 views

CVE-2010-3083

The CVE-2010-3083 issue affects Red Hat Enterprise MRG Messaging (qpidd) when SSL is enabled. A flaw in how the SSL port is handled allows a remote attacker to cause a denial-of-service (daemon outage) by connecting to the SSL port without completing the SSL handshake. The vulnerability is addres...

4.3CVSS6.8AI score0.04711EPSS
Exploits0References6Affected Software2
RedHat Linux
RedHat Linux
added 2010/10/08 1:55 a.m.4 views

MRG: SSL connections to MRG broker can be blocked

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service daemon outage by connecting to the SSL port but not participating in an SSL handshake...

4.3CVSS5.9AI score0.04711EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2009/12/03 4:15 a.m.2 views

qpid: large messaages cause crash when using digest-md5 and security layer

qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use...

6.5CVSS6.6AI score0.02559EPSS
Exploits0References4
Rows per page
Query Builder