13 matches found
EUVD-2019-13465
Malware in sbrugna...
com.holidaycheck:amqp-akka-streams_2.11 (>=1.3.1 <=2.0.0), com.holidaycheck:amqp-akka-streams_2.12 (>=1.3.1 <=2.0.0) +13 more potentially affected by CVE-2018-1000665 via org.dojotoolkit:dojo (>=1.10.3 <=1.12.3)
org.dojotoolkit:dojo MAVEN version =1.10.3, =1.3.1, =1.3.1, =0.10, =0.10, =0.10, =0.10, =1.0-RC1, =7.0.0, =0.32, =0.32, =7.0.6 Source cves: CVE-2018-1000665 Source advisory: OSV:GHSA-VMQ9-CM7M-4P8P...
CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...
SQL injection
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite or Capsule can use this fla...
CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite or Capsule can use this fla...
CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite or Capsule can use this fla...
CVE-2019-3845
CVE-2019-3845 affects Red Hat Satellite tools (qpid-dispatch-router). The root cause is exposed QMF methods via qdrouterd, enabling an attacker authenticated on a registered host to access QMF methods across registered hosts and execute privileged commands. Red Hat issued RHSA-2019:1223 to addres...
com.holidaycheck:amqp-akka-streams_2.11 (>=1.3.1 <=2.0.0), com.holidaycheck:amqp-akka-streams_2.12 (>=1.3.1 <=2.0.0) +1 more potentially affected by CVE-2017-15701 via org.apache.qpid:qpid-broker (>=6.1.3 <=6.1.4)
org.apache.qpid:qpid-broker MAVEN version =6.1.3, =1.3.1, =1.3.1, =0.0.1, =0.0.35 Source cves: CVE-2017-15701 Source advisory: OSV:GHSA-4R7G-7CPJ-5JR7...
com.confluex:qpid-in-a-can (=0.2.0), com.dell.cpsd.common.messaging:common-testing (=1.5.0) +22 more potentially affected by CVE-2016-3094 via org.apache.qpid:qpid-broker (>=0.14 <=10.0.1)
org.apache.qpid:qpid-broker MAVEN version =0.14, =2.0.0, =1.0.0, =0.1, =0.1, =10.0.0, =0.14, =0.18, =0.18, =0.24 - org.apache.qpid:qpid-broker-plugins-amqp-0-10-protocol =0.24 - org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol =0.24 - org.apache.qpid:qpid-broker-plugins-amqp-1-0-protocol =0....
CVE-2016-8741
The Apache Qpid Broker for Java can be configured to use different so-called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...
Apache Qpid Session.gap Denial of Service - Ver2 (CVE-2015-0203)
A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap...
Apache Qpid Session.gap Denial of Service - ver 2 (CVE-2015-0203)
A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap...
Apache Qpid Session.gap Denial of Service (CVE-2015-0203)
A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap...