Every CVE whose affected-product data names Apache Qpid, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2011-3620 — CVSS 7.5 (high): Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to…
CVE-2015-0224 — CVSS 7.5 (high): qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence…
CVE-2019-0223 — CVSS 7.4 (high): While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and…
CVE-2012-4446 — CVSS 6.8 (medium): The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without…
CVE-2015-0203 — CVSS 6.5 (medium): The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP…
CVE-2013-1909 — CVSS 5.8 (medium): The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name…
CVE-2012-4459 — CVSS 5.0 (medium): Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a…
CVE-2012-2145 — CVSS 5.0 (medium): Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of…
CVE-2012-3467 — CVSS 5.0 (medium): Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which…
CVE-2012-4458 — CVSS 5.0 (medium): The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server…
CVE-2009-5005 — CVSS 5.0 (medium): The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other…
CVE-2012-4460 — CVSS 5.0 (medium): The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause…
CVE-2015-0223 — CVSS 5.0 (medium): Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown…
CVE-2010-3083 — CVSS 4.3 (medium): sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled…
CVE-2014-3629 — CVSS 4.3 (medium): XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP…
CVE-2009-5006 — CVSS 4.0 (medium): The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid…