44 matches found
SUSE-SU-2026:20126-1 Security update for rabbitmq-server
This update for rabbitmq-server fixes the following issues: Changes in rabbitmq-server: Update to 4.1.5: Highlights - Khepri, an alternative schema data store developed to replace Mnesia, has matured and is now fully supported it previously was an experimental feature - AMQP 1.0 is now a core...
EUVD-2021-9274
Malicious code in bioql PyPI...
EUVD-2024-24351
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (collectd-sensubility) security update
An update for collectd-sensubility is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 8 : Red Hat OpenStack Platform 17.1 (collectd-sensubility) (RHSA-2024:2767)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2767 advisory. This project provides the possibility to switch from the Sensu-based availability monitoring solution to a monitoring solution based on...
RHEL 9 : Red Hat OpenStack Platform 17.1 (collectd-sensubility) (RHSA-2024:2730)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2730 advisory. This project aims to provide the possibility to switch from Sensu-based availability monitoring solution to a monitoring solution based on...
BIT-RABBITMQ-2021-22116
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugi...
CVE-2024-27099
The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQPVALUE failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...
Double free
The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQPVALUE failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...
CVE-2024-27099
The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQPVALUE failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...
CVE-2024-27099
CVE-2024-27099 affects the Azure uAMQP C library (AMQP 1.0) and is caused by a double-free when processing an incorrect AMQP_VALUE failed state, which may lead to remote code execution. The vulnerability is addressed by updating the submodule to commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987. Se...
CVE-2024-27099
The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQPVALUE failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...
CVE-2024-25110 Azure IoT Platform Device SDK Remote Code Execution Vulnerability
The UAMQP is a general purpose C library for AMQP 1.0. During a call to opengetofferedcapabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule...
CVE-2024-25110
The UAMQP is a general purpose C library for AMQP 1.0. During a call to opengetofferedcapabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule...
Mageia: Security Advisory (MGASA-2021-0390)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3325-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3325-1 advisory. - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page basic XSS in management UI bsc1187818. -...
openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:3325-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3325-1 advisory. - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the...
SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3254-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3254-1 advisory. - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page basic XSS in management UI bsc1187818. -...
Updated rabbitmq-server packages fix security vulnerabilities
Updated rabbitmq-server packages fix security vulnerabilities: RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP...
FreeBSD : RabbitMQ -- Denial of Service via improper input validation (7003b62d-7252-46ff-a9df-1b1900f1e65b)
Jonathon Knudsen of Synopsys Cybersecurity Research Center reports : All versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious client can exploit the vulnerability by sending malicious AMQP...