Lucene search
K

1253 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in librabbitmq

A vulnerability was discovered in the C AMQP client library also known as rabbitmq-c for RabbitMQ in versions up to 0.13.0. credentials can only be entered via the command line e.g., for amqp-publish or amqp-consume, and therefore they are visible to local attackers who can list processes along...

5.5CVSS5.5AI score0.00214EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in rabbitMQ-server

Pivotal RabbitMQ versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, as well as RabbitMQ for Pivotal Platform versions 1.16.x prior to 1.16.7 and 1.17.x prior to 1.17.4, contain a web management plugin that is vulnerable to a denial-of-service attack. The “X-Reason” HTTP header can be...

7.5CVSS5.5AI score0.04519EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in rabbitMQ-server

Versions of RabbitMQ prior to 3.8.16 are vulnerable to a denial-of-service vulnerability due to improper input validation in the AMQP 1.0 client connection endpoint. A malicious user can exploit this vulnerability by sending malicious AMQP messages to the target RabbitMQ instance where the AMQP 1...

7.5CVSS5.6AI score0.01387EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in rabbitmq-server

RabbitMQ is a multi-protocol messaging broker. In rabbitMQ-server prior to version 3.8.17, adding a new user through the management UI could result in the user’s banner being displayed in a confirmation message without proper tag sanitization. This could potentially allow for JavaScript code to...

5.4CVSS6.1AI score0.01437EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in rabbitmq-server

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI through the rabbitmqfederationmanagement plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...

4.8CVSS6.3AI score0.01416EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.14 views

PT-2026-42261

Name of the Vulnerable Software and Affected Versions amazon-mq rabbitmq-aws versions prior to 0.2.1 Description Active debug code in the ARN resolver allows remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. This occurs because the 'PUT...

8.3CVSS6AI score0.00344EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

RabbitMQ AWS infrastructure Plugin 安全漏洞

The RabbitMQ AWS Infrastructure Plugin is an open-source project by amazon-mq, designed for integrating RabbitMQ with AWS infrastructure. Versions of the RabbitMQ AWS Infrastructure Plugin prior to version 0.2.1 contained security vulnerabilities. These vulnerabilities stemmed from debugging code...

8.3CVSS6.1AI score0.00344EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 1:24 p.m.14 views

CLEANSTART-2026-GE45898 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 2.20.1-r0

Multiple security vulnerabilities affect the rabbitmq-cluster-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References23
OSV
OSV
added 2026/05/18 1:12 p.m.11 views

CLEANSTART-2026-IP78312 Security fixes for CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-35469, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-pc3f-x583-g7j2 applied in versions: 2.19.2-r0, 2.19.2-r1, 2.19.2-r2, 2.19.2-r3

Multiple security vulnerabilities affect the rabbitmq-cluster-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

8.8CVSS7.2AI score0.00813EPSS
Exploits0References38
OSV
OSV
added 2026/05/18 1:2 p.m.7 views

CLEANSTART-2026-SA98061 Security fixes for CVE-2026-33186, CVE-2026-34986, ghsa-6v2p-p943-phr9, ghsa-78h2-9frx-2jm8, ghsa-c6gw-w398-hv78, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-p754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gw88-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.15.0-r1, 1.19.0-r0, 1.19.1-r0

Multiple security vulnerabilities affect the rabbitmq-messaging-topology-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References14
OSV
OSV
added 2026/05/18 12:57 p.m.11 views

CLEANSTART-2026-CR00119 Security fixes for CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-6v2p-p943-phr9, ghsa-78h2-9frx-2jm8, ghsa-c6gw-w398-hv78, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-p754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gw88-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.15.0-r1, 1.19.0-r0, 1.19.1-r0, 1.19.1-r1

Multiple security vulnerabilities affect the rabbitmq-messaging-topology-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References36
RedhatCVE
RedhatCVE
added 2026/05/04 6:28 a.m.13 views

CVE-2026-40971

A flaw was found in Spring Boot. When configured to use an SSL Secure Sockets Layer bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. This vulnerability could allow an attacker on the same network to intercept or alter...

9.1CVSS5.7AI score0.00157EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-40971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker...

9.1CVSS6AI score0.00157EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/29 10:52 a.m.10 views

Improper Hostname Verification

Spring Boot is vulnerable to improper hostname verification. The vulnerability is due to missing hostname verification in SSL bundle configuration, which allows an attacker to perform man-in-the-middle attacks by impersonating the RabbitMQ broker...

9.1CVSS5.2AI score0.00157EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/04/28 12:31 a.m.6 views

GHSA-9VC8-QPPQ-WVXC Spring Boot's RabbitMQ auto-configuration doesn't perform hostname verification when connecting to the RabbitMQ broker

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

5CVSS5.8AI score0.00157EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/28 12:31 a.m.10 views

Spring Boot's RabbitMQ auto-configuration doesn't perform hostname verification when connecting to the RabbitMQ broker

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

9.1CVSS5.8AI score0.00157EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/27 11:16 p.m.30 views

CVE-2026-40971

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

9.1CVSS0.00157EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 10:45 p.m.2 views

CVE-2026-40971

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

5CVSS5.2AI score0.00157EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/27 10:45 p.m.4 views

CVE-2026-40971

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

5CVSS5.2AI score0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/27 10:45 p.m.36 views

EUVD-2026-25930

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

5CVSS5.2AI score0.00157EPSS
Exploits0References1
Rows per page
Query Builder