Search CVE reports



11 – 20 of 20 results


CVE-2018-1279

Low priority
Needs evaluation

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology...

1 affected package

rabbitmq-server

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
rabbitmq-server | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2017-4967

Negligible priority
Vulnerable

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and...

1 affected package

rabbitmq-server

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
rabbitmq-server | Not affected | Not affected | Not affected | Not affected | Vulnerable

CVE-2017-4966

Low priority

Some fixes available 1 of 3

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and...

1 affected package

rabbitmq-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rabbitmq-server Not affected Not affected Not affected Fixed

CVE-2017-4965

Negligible priority
Vulnerable

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and...

1 affected package

rabbitmq-server

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
rabbitmq-server | Not affected | Not affected | Not affected | Not affected | Vulnerable

CVE-2016-9877

High priority

Some fixes available 2 of 4

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication...

1 affected package

rabbitmq-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rabbitmq-server Fixed

CVE-2015-8786

Negligible priority
Vulnerable

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

1 affected package

rabbitmq-server

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
rabbitmq-server | Not affected | Not affected | Not affected | Not affected | Vulnerable

CVE-2014-9650

Low priority
Ignored

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to...

1 affected package

rabbitmq-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rabbitmq-server Not affected Not affected

CVE-2014-9649

Negligible priority
Ignored

Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled...

1 affected package

rabbitmq-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rabbitmq-server Not affected Not affected

CVE-2014-9494

Low priority
Ignored

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwarded-For header.

1 affected package

rabbitmq-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rabbitmq-server

CVE-2015-0862

Negligible priority
Ignored

Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a...

1 affected package

rabbitmq-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rabbitmq-server Not affected Not affected