Known Vulnerabilities for Qpid by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Qpid" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2019-0223 | While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C... | 7.4 - HIGH | 2019-04-23 | 2023-11-07 |
| CVE-2015-0224 | qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted proto... | 7.5 - HIGH | 2017-10-30 | 2023-11-07 |
| CVE-2015-0223 | Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via ... | 5 - MEDIUM | 2015-02-02 | 2018-01-05 |
| CVE-2015-0203 | The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash... | 6.5 - MEDIUM | 2018-02-21 | 2018-03-18 |
| CVE-2014-3629 | XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgo... | 4.3 - MEDIUM | 2014-11-17 | 2018-10-09 |
| CVE-2013-1909 | The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's C... | 5.8 - MEDIUM | 2013-08-23 | 2021-07-15 |
| CVE-2012-4458 | The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumptio... | 5 - MEDIUM | 2013-03-14 | 2013-03-19 |
| CVE-2012-4446 | The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connec... | 6.8 - MEDIUM | 2013-03-14 | 2013-03-19 |
| CVE-2012-3467 | Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP br... | 5 - MEDIUM | 2012-08-27 | 2017-08-29 |
| CVE-2012-2145 | Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a... | 5 - MEDIUM | 2012-09-28 | 2017-08-29 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Qpid | 6.1.7 | All | All | All |
| Application | Apache | Qpid | 6.1.6 | All | All | All |
| Application | Apache | Qpid | 6.1.5 | All | All | All |
| Application | Apache | Qpid | 6.1.4 | All | All | All |
| Application | Apache | Qpid | 6.1.3 | All | All | All |
| Application | Apache | Qpid | 6.1.2 | All | All | All |
| Application | Apache | Qpid | 6.1.1 | All | All | All |
| Application | Apache | Qpid | 6.1.0 | All | All | All |
| Application | Apache | Qpid | 6.0.8 | All | All | All |
| Application | Apache | Qpid | 6.0.7 | All | All | All |
| Application | Apache | Qpid | 6.0.6 | All | All | All |
| Application | Apache | Qpid | 6.0.5 | All | All | All |
| Application | Apache | Qpid | 6.0.4 | All | All | All |
| Application | Apache | Qpid | 6.0.3 | All | All | All |
| Application | Apache | Qpid | 6.0.1 | All | All | All |
| Application | Apache | Qpid | 0.9 | All | All | All |
| Application | Apache | Qpid | 0.8 | All | All | All |
| Application | Apache | Qpid | 0.7 | All | All | All |
| Application | Apache | Qpid | 0.6 | All | All | All |
| Application | Apache | Qpid | 0.5 | All | All | All |