63 matches found
EUVD-2018-0473
Malware in sbrugna...
EUVD-2019-13465
Malware in sbrugna...
EUVD-2019-0377
Malware in sbrugna...
EUVD-2018-0541
Malware in sbrugna...
EUVD-2022-3246
Malicious code in bioql PyPI...
GHSA-8VVH-CRQV-JM64 Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java
The Apache Qpid Broker for Java can be configured to use different so-called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...
com.itv:bucky-example_2.11 (>=0.10 <=1.4.5), com.itv:bucky-example_2.12 (>=0.10 <=1.4.5) +4 more potentially affected by CVE-2016-8741 via org.apache.qpid:qpid-broker (=6.0.4)
org.apache.qpid:qpid-broker MAVEN version =6.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.qpid:qpid-broker and may be impacted: - com.itv:bucky-example2.11 =0.10, =0.10, =0.10, =0.10, =1.4.5 - com.itv:bucky-wiring2.11 =1.4.5 -...
Authentication Bypass
org.apache.qpid, qpid-broker is vulnerable to authentication bypass. The vulnerability exists due to the function TrustManager allowing all certificates to pass the verification...
CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...
CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite or Capsule can use this fla...
SQL injection
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite or Capsule can use this fla...
CVE-2019-3845
CVE-2019-3845 affects Red Hat Satellite tools (qpid-dispatch-router). The root cause is exposed QMF methods via qdrouterd, enabling an attacker authenticated on a registered host to access QMF methods across registered hosts and execute privileged commands. Red Hat issued RHSA-2019:1223 to addres...
CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite or Capsule can use this fla...
CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite or Capsule can use this fla...
katello-installer-base: QMF methods exposed to goferd via qdrouterd
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...
The vulnerability of the Apache Qpid Broker-J messaging system, which exists due to insufficient validation of input data, allows a perpetrator to trigger a service failure.
The Apache Qpid Broker-J system has vulnerabilities due to insufficient validation of input data. Exploiting these vulnerabilities can allow a malicious actor to cause service failures remotely...
GHSA-C9H6-XHG9-XXRV Improper Input Validation in Apache Qpid Broker-J
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 inclusive and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of...
Improper Input Validation in Apache Qpid Broker-J
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 inclusive and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of...
Denial of service
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 inclusive and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of...
CVE-2019-0200
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 inclusive and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of...