Apache Qpid

19 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2014-0212
all versions
qpid-cpp: ACL policies are only loaded if the acl-file option is specified, enabling DoS by consuming all available file descriptors
7.5 HIGH
CVE-2009-5004
all versions
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use.
6.5 MEDIUM
CVE-2019-0223
>= 0.9 and <= 0.27.0
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C libr
7.4 HIGH
CVE-2015-0203
<= 0.30
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via
6.5 MEDIUM
CVE-2015-0224
<= 0.30
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol s
7.5 HIGH
CVE-2015-5164
all versions
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with admi
7.2 HIGH
CVE-2015-0223
<= 0.30
Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unkno
CVE-2014-3629
all versions
XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing H
CVE-2013-1909
<= 0.20
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common
CVE-2012-4460
<= 0.20
The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers
CVE-2012-4459
<= 0.20
Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to
CVE-2012-4458
<= 0.20
The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and
CVE-2012-4446
<= 0.20
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections
CVE-2012-2145
<= 0.17
Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a deni
CVE-2012-3467
<= 0.16
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers
CVE-2011-3620
all versions
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain acc
CVE-2009-5006
<= 0.5
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apach
CVE-2009-5005
<= 0.5
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other
CVE-2010-3083
all versions
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enab
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin