CVE-2023-45321

The Android Client application, when enrolled with the define method 1 the user manually inserts the server ip address, use HTTP protocol to retrieve sensitive information ip address and credentials to connect to a remote MQTT broker entity instead of HTTPS and this feature is not configurable by...

EUVD-2011-2898

Malware in sbrugna...

io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (>=2.11.0 <=2.11.4) +3 more potentially affected by CVE-2024-29834 via org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.4)

org.apache.pulsar:pulsar-broker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.4 Source cves: CVE-2024-29834 Source advisory: OSV:GHSA-7MG2-6C6V-342R...

org.apache.pulsar:pulsar-server-distribution (=3.1.0) potentially affected by CVE-2023-51437 via org.apache.pulsar:pulsar-broker-auth-sasl (=3.1.0)

org.apache.pulsar:pulsar-broker-auth-sasl MAVEN version =3.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker-auth-sasl and may be impacted: - org.apache.pulsar:pulsar-server-distribution =3.1.0 Source cves:...

qpid-cpp-server-cluster: unauthorized broker access caused by the use of NullAuthenticator catch-up shadow connections

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication...

CVE-2011-2925

CVE-2011-2925 affects Red Hat Enterprise MRG Grid 2.0 (and related Messaging/Realtime components). The root cause is that Cumin logs broker authentication credentials to its log file, allowing a local user to bypass authentication and perform actions on jobs and queues via a direct broker connect...