Lucene search
K

160 matches found

Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-60063

Name of the Vulnerable Software and Affected Versions Netty affected versions not specified Description The io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame. While the maxLineLength parameter restricts the length of...

7.5CVSS6.1AI score
Exploits0References4
OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS6.1AI score0.00796EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-49432 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS6.1AI score0.00844EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Apache ActiveMQ < 5.19.8 / 6.x < 6.2.7 Multiple Vulnerabilities

The version of Apache ActiveMQ running on the remote host is prior to 5.19.8 or 6.x prior to 6.2.7. It is, therefore, affected by multiple vulnerabilities: - Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that...

8.1CVSS6.2AI score0.00844EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a...

7.5CVSS6.2AI score0.00796EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed...

7.5CVSS6.2AI score0.00844EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 5:33 p.m.13 views

CVE-2026-49432

A flaw was found in Apache ActiveMQ. A remote, unauthenticated attacker can exploit an improper input validation vulnerability by sending a specially crafted message with a negative content-length to an exposed STOMP connector. This can lead to a denial of service DoS condition, either by consumi...

7.5CVSS5.6AI score0.00844EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/30 12:25 p.m.4 views

Incorrect Calculation of Buffer Size

Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via the STOMP protocol when a remote unauthenticated peer sends a negative content-length value. An attacker can exhaust system resources or force abnormal connection closure by continuously streamin...

7.5CVSS6AI score0.00844EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 a.m.8 views

CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS0.00796EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.2 views

DEBIAN-CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:16 a.m.4 views

DEBIAN-CVE-2026-49432

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS5.9AI score0.00844EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:16 a.m.11 views

CVE-2026-49432

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS0.00844EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.4 views

UBUNTU-CVE-2026-49432

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS6AI score0.00844EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:16 a.m.4 views

UBUNTU-CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 9:54 a.m.39 views

CVE-2026-49432 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

0.00844EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 9:54 a.m.14 views

CVE-2026-49432

CVE-2026-49432 affects Apache ActiveMQ, including ActiveMQ All and ActiveMQ Stomp, due to improper input validation on STOMP exposure. A remote unauthenticated attacker can trigger denial-of-service by sending a negative content-length to an exposed STOMP connector. On the NIO STOMP transport, an...

7.5CVSS6AI score0.00844EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/30 9:54 a.m.7 views

EUVD-2026-40284

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS6AI score0.00844EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 9:54 a.m.3 views

CVE-2026-49432 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS6.1AI score0.00844EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 9:49 a.m.8 views

EUVD-2026-40278

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 9:49 a.m.4 views

CVE-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS6.1AI score0.00796EPSS
Exploits0References5
Rows per page
Query Builder