Lucene search
+L

57 matches found

CVE
CVE
added 2026/06/30 9:53 a.m.15 views

CVE-2026-50734

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, and Apache ActiveMQ All allows an unauthenticated network attacker to cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The broker may allocate memor...

7.5CVSS5.7AI score0.00796EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 9:51 a.m.41 views

CVE-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

0.00707EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 9:49 a.m.13 views

CVE-2026-53917

CVE-2026-53917 describes an unbounded memory allocation vulnerability in OpenWire property unmarshalling in Apache ActiveMQ and related builds. An authenticated user can send a crafted OpenWire Message with a very large encoded size value for a message property map, causing OpenWire maps to be un...

7.5CVSS5.7AI score0.00796EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32642

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to crea...

4.3CVSS5.8AI score0.0047EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/24 9:30 a.m.6 views

org.apache.artemis:apache-artemis (>=2.50.0 <=2.52.0), org.apache.artemis:artemis-features (>=2.50.0 <=2.52.0) +1 more potentially affected by CVE-2026-32642 via org.apache.artemis:artemis-openwire-protocol (>=2.50.0 <=2.52.0)

org.apache.artemis:artemis-openwire-protocol MAVEN version =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.52.0 Source cves: CVE-2026-32642 Source advisory: SNYK:JAVA-ORGAPACHEARTEMIS-15791525...

4.3CVSS5.8AI score0.0047EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/24 9:30 a.m.9 views

com.io7m.jsay:com.io7m.jsay (=0.0.2), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +5 more potentially affected by CVE-2026-32642 via org.apache.activemq:artemis-openwire-protocol (>=2.0.0 <=2.4.0)

org.apache.activemq:artemis-openwire-protocol MAVEN version =2.0.0, =1.14.2, =0.1.0, =0.1.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-32642 Source advisory: OSV:GHSA-F4GC-MWRG-Q36R...

4.3CVSS5.8AI score0.0047EPSS
Exploits0
Snyk
Snyk
added 2026/03/24 9:30 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempts to create a non-durable JMS topic subscription on a non-existent addres...

4.3CVSS5.9AI score0.0047EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/24 9:30 a.m.2 views

Incorrect Authorization

Overview org.apache.activemq:artemis-openwire-protocol is a package for activemq. Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempt...

4.3CVSS5.9AI score0.0047EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/24 9:30 a.m.7 views

com.io7m.jsay:com.io7m.jsay (=0.0.2), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +5 more potentially affected by CVE-2026-32642 via org.apache.activemq:artemis-openwire-protocol (>=2.0.0 <=2.4.0)

org.apache.activemq:artemis-openwire-protocol MAVEN version =2.0.0, =1.14.2, =0.1.0, =0.1.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-32642 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15791526...

4.3CVSS5.8AI score0.0047EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/24 9:30 a.m.8 views

org.apache.artemis:apache-artemis (>=2.50.0 <=2.52.0), org.apache.artemis:artemis-features (>=2.50.0 <=2.52.0) +1 more potentially affected by CVE-2026-32642 via org.apache.artemis:artemis-openwire-protocol (>=2.50.0 <=2.52.0)

org.apache.artemis:artemis-openwire-protocol MAVEN version =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.52.0 Source cves: CVE-2026-32642 Source advisory: OSV:GHSA-F4GC-MWRG-Q36R...

4.3CVSS5.8AI score0.0047EPSS
Exploits0
OSV
OSV
added 2026/03/24 9:30 a.m.6 views

GHSA-F4GC-MWRG-Q36R Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3CVSS5.8AI score0.0047EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/24 9:30 a.m.7 views

Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

4.3CVSS5.8AI score0.0047EPSS
Exploits0References4Affected Software2
UbuntuCve
UbuntuCve
added 2026/03/24 8:16 a.m.4 views

CVE-2026-32642

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

4.3CVSS5.8AI score0.0047EPSS
Exploits0References3
OSV
OSV
added 2026/03/24 8:16 a.m.10 views

UBUNTU-CVE-2026-32642

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

4.3CVSS5.8AI score0.0047EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/24 7:53 a.m.4 views

CVE-2026-32642

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3CVSS5.8AI score0.0047EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/03/24 7:53 a.m.19 views

CVE-2026-32642

CVE-2026-32642 is an authorization bypass in Apache Artemis/ActiveMQ Artemis OpenWire handling: when an authenticated user with createDurableQueue but without createAddress attempts to create a non-durable JMS topic subscription on a non-existent address and address auto-creation is disabled, a t...

4.3CVSS5.8AI score0.0047EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/24 7:53 a.m.13 views

CVE-2026-32642 Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3CVSS5.8AI score0.0047EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/24 7:53 a.m.31 views

CVE-2026-32642 Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3CVSS0.0047EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 7:53 a.m.5 views

CVE-2026-32642 Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3CVSS6AI score0.0047EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.6 views

PT-2026-26884

Name of the Vulnerable Software and Affected Versions Apache Artemis versions 2.50.0 through 2.52.0 Apache ActiveMQ Artemis versions 2.0.0 through 2.44.0 Description An authorization issue exists in Apache Artemis and Apache ActiveMQ Artemis. Specifically, when an application utilizing the OpenWi...

4.3CVSS5.2AI score0.0047EPSS
Exploits0References10
Rows per page
Query Builder