qpid-proton-c vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the qpid-proton-c package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Reliance on Untrusted Inputs in a Security Decision

<0:0.28.0-3.el7
  • H
Directory Traversal

<0:0.28.0-3.el7
  • H
Incorrect Default Permissions

<0:0.28.0-3.el7
  • H
Improper Validation of Certificate with Host Mismatch

<0:0.28.0-3.el7
  • H
Improper Input Validation

<0:0.28.0-3.el7
  • H
HTTP Request Smuggling

<0:0.28.0-3.el7
  • H
Cross-site Scripting (XSS)

<0:0.28.0-3.el7
  • H
Eval Injection

<0:0.28.0-3.el7
  • H
HTTP Response Splitting

<0:0.28.0-3.el7
  • H
Improper Authentication

<0:0.28.0-3.el7
  • H
Insufficiently Protected Credentials

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Improper Input Validation

<0:0.28.0-3.el7
  • H
Improperly Implemented Security Check for Standard

<0:0.28.0-3.el7
  • H
Cross-site Scripting (XSS)

<0:0.28.0-3.el7
  • H
CVE-2018-3258

<0:0.28.0-3.el7
  • H
Missing Authorization

<0:0.28.0-3.el7
  • M
Information Exposure Through Log Files

<0:0.26.0-3.el7
  • M
Cross-site Scripting (XSS)

<0:0.26.0-3.el7
  • M
Cross-site Scripting (XSS)

<0:0.26.0-3.el7
  • M
Cross-site Scripting (XSS)

<0:0.26.0-3.el7
  • M
Cross-site Scripting (XSS)

<0:0.19.0-1.el7cf
  • M
Information Exposure

<0:0.28.0-4.el7
  • M
Missing Authorization

<0:0.28.0-4.el7
  • M
Information Exposure Through Log Files

<0:0.28.0-4.el7
  • H
Information Exposure

<0:0.16.0-12.el7sat
  • H
SQL Injection

<0:0.16.0-12.el7sat
  • H
Information Exposure

<0:0.16.0-12.el7sat
  • H
Deserialization of Untrusted Data

<0:0.16.0-12.el7sat
  • H
Cross-site Scripting (XSS)

<0:0.16.0-12.el7sat
  • H
Cross-site Scripting (XSS)

<0:0.16.0-12.el7sat
  • H
XML External Entity (XXE) Injection

<0:0.16.0-12.el7sat
  • H
Information Exposure

<0:0.16.0-12.el7sat
  • H
Improper Input Validation

<0:0.28.0-3.el7
  • H
Use of a Broken or Risky Cryptographic Algorithm

<0:0.16.0-12.el7sat
  • H
Cross-site Scripting (XSS)

<0:0.28.0-3.el7
  • H
Improper Access Control

<0:0.16.0-12.el7sat
  • H
Missing Required Cryptographic Step

<0:0.16.0-12.el7sat
  • H
Missing Required Cryptographic Step

<0:0.16.0-12.el7sat
  • H
Information Exposure

<0:0.16.0-12.el7sat
  • H
Covert Timing Channel

<0:0.16.0-12.el7sat
  • H
Incorrect Calculation

<0:0.16.0-12.el7sat
  • H
Missing Required Cryptographic Step

<0:0.16.0-12.el7sat
  • H
Missing Required Cryptographic Step

<0:0.16.0-12.el7sat
  • H
Missing Required Cryptographic Step

<0:0.16.0-12.el7sat
  • M
Information Exposure

<0:0.28.0-4.el7
  • M
Directory Traversal

<0:0.26.0-3.el7
  • H
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

<0:0.16.0-12.el7sat
  • H
Improper Certificate Validation

<0:0.16.0-12.el7sat
  • M
Cross-site Scripting (XSS)

<0:0.19.0-1.el7cf
  • M
Improper Input Validation

<0:0.9-16.el7
  • M
Incorrect Permission Assignment for Critical Resource

<0:0.9-16.el7
  • M
Race Condition

<0:0.9-16.el7
  • M
Insecure Temporary File

<0:0.9-16.el7
  • M
Incorrect Permission Assignment for Critical Resource

<0:0.9-16.el7
  • M
Cross-site Scripting (XSS)

<0:0.9-16.el7
  • M
Cleartext Transmission of Sensitive Information

<0:0.9-16.el7
  • M
CVE-2013-6668

<0:0.16.0-7.el7
  • H
Improper Access Control

<0:0.16.0-12.el7sat
  • M
Incorrect Permission Assignment for Critical Resource

<0:0.28.0-1.el7
  • M
Cleartext Storage of Sensitive Information

<0:0.28.0-1.el7
  • M
Improper Authentication

<0:0.28.0-1.el7
  • H
Information Exposure

<0:0.16.0-12.el7sat
  • H
Improper Authorization

<0:0.28.0-2.el7
  • H
Cleartext Transmission of Sensitive Information

<0:0.28.0-2.el7
  • H
Improper Certificate Validation

<0:0.28.0-2.el7
  • H
Insufficiently Protected Credentials

<0:0.28.0-3.el7
  • H
Improper Input Validation

<0:0.16.0-12.el7sat
  • H
Improper Input Validation

<0:0.16.0-12.el7sat
  • H
Cross-site Scripting (XSS)

<0:0.16.0-12.el7sat
  • H
Improper Authentication

<0:0.28.0-3.el7
  • M
Cross-site Scripting (XSS)

<0:0.28.0-1.el7
  • H
Information Exposure

<0:0.28.0-3.el7
  • M
Information Exposure

<0:0.28.0-4.el7
  • H
Incorrect Default Permissions

<0:0.28.0-3.el7
  • M
Improper Access Control

<0:0.26.0-3.el7
  • M
SQL Injection

<0:0.28.0-4.el7
  • H
Improperly Implemented Security Check for Standard

<0:0.28.0-3.el7
  • H
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

<0:0.16.0-12.el7sat
  • M
Cross-site Scripting (XSS)

<0:0.19.0-1.el7cf
  • M
Cross-site Scripting (XSS)

<0:0.19.0-1.el7cf
  • M
Cross-site Scripting (XSS)

<0:0.19.0-1.el7cf
  • M
Cross-site Scripting (XSS)

<0:0.19.0-1.el7cf
  • M
XML External Entity (XXE) Injection

<0:0.19.0-1.el7cf
  • M
XML External Entity (XXE) Injection

<0:0.19.0-1.el7cf
  • H
Missing Authorization

<0:0.28.0-3.el7
  • M
Omission of Security-relevant Information

<0:0.16.0-7.el7
  • M
Omission of Security-relevant Information

*
  • H
Information Exposure

<0:0.16.0-12.el7sat
  • H
Improper Validation of Certificate with Host Mismatch

<0:0.28.0-3.el7
  • M
Execution with Unnecessary Privileges

<0:0.28.0-4.el7
  • H
HTTP Request Smuggling

<0:0.28.0-3.el7
  • H
HTTP Request Smuggling

<0:0.30.0-2.el7
  • H
HTTP Request Smuggling

<0:0.30.0-2.el7
  • H
HTTP Request Smuggling

<0:0.30.0-2.el7
  • M
Resource Exhaustion

<0:0.28.0-1.el7
  • M
Improper Resource Shutdown or Release

<0:0.32.0-2.el7
  • M
Resource Exhaustion

<0:0.32.0-2.el7
  • M
HTTP Request Smuggling

<0:0.33.0-6.el7_9
  • M
HTTP Request Smuggling

<0:0.33.0-6.el7_9
  • M
Information Exposure

<0:0.33.0-6.el7_9
  • H
Improperly Implemented Security Check for Standard

<0:0.16.0-14.el7sat
  • H
Improperly Implemented Security Check for Standard

<0:0.16.0-14.el7sat
  • H
Improperly Implemented Security Check for Standard

<0:0.16.0-14.el7sat
  • H
Improperly Implemented Security Check for Standard

<0:0.28.0-1.el7
  • H
Improperly Implemented Security Check for Standard

<0:0.27.0-3.el7
  • M
Improperly Implemented Security Check for Standard

<0:0.27.0-3.el7
  • H
Improperly Implemented Security Check for Standard

<0:0.28.0-1.el7
  • M
Improperly Implemented Security Check for Standard

*
  • M
Improperly Implemented Security Check for Standard

<0:0.27.0-3.el7
  • H
Improperly Implemented Security Check for Standard

<0:0.16.0-14.el7sat
  • H
Improperly Implemented Security Check for Standard

<0:0.16.0-14.el7sat
  • L
Out-of-Bounds

<0:0.31.0-3.el7
  • M
Out-of-Bounds

<0:0.28.0-4.el7
  • M
Information Exposure

<0:0.28.0-4.el7
  • M
Cross-site Request Forgery (CSRF)

<0:0.28.0-4.el7
  • H
Cross-site Scripting (XSS)

<0:0.28.0-3.el7
  • M
Cross-site Request Forgery (CSRF)

<0:0.28.0-4.el7
  • H
Improper Input Validation

<0:0.28.0-3.el7
  • M
Cross-site Scripting (XSS)

<0:0.28.0-4.el7
  • M
Improper Input Validation

<0:0.28.0-4.el7
  • M
Improper Input Validation

<0:0.28.0-4.el7
  • H
Eval Injection

<0:0.28.0-3.el7
  • H
Directory Traversal

<0:0.28.0-3.el7
  • H
HTTP Response Splitting

<0:0.28.0-3.el7
  • H
Incomplete Blacklist

<0:0.16.0-12.el7sat
  • H
Reliance on Untrusted Inputs in a Security Decision

<0:0.28.0-3.el7
  • M
Buffer Overflow

*
  • M
Resource Exhaustion

*
  • M
Incorrect Authorization

*
  • M
Integer Overflow or Wraparound

*
  • M
Information Exposure

*
  • M
Cross-site Scripting (XSS)

<0:0.19.0-1.el7cf
  • M
Cross-site Scripting (XSS)

<0:0.19.0-1.el7cf
  • H
Improper Input Validation

<0:0.9-21.el7
  • M
Resource Exhaustion

<0:0.16.0-7.el7
  • M
HTTP Response Splitting

<0:0.28.0-1.el7
  • H
CVE-2018-3258

<0:0.28.0-3.el7
  • M
Covert Timing Channel

<0:0.28.0-4.el7
  • H
Covert Timing Channel

<0:0.28.0-3.el7
  • M
Arbitrary Argument Injection

<0:0.28.0-1.el7
  • H
Out-of-Bounds

<0:0.16.0-12.el7sat
  • M
Improper Neutralization of Special Elements

<0:0.28.0-1.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-2.el7
  • M
CVE-2016-6346

<0:0.26.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • M
Improper Certificate Validation

<0:0.32.0-2.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • M
Improper Neutralization of Special Elements

<0:0.28.0-1.el7
  • M
Information Exposure

<0:0.28.0-4.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • M
Static Code Injection

<0:0.32.0-2.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-3.el7
  • M
Use After Free

<0:0.28.0-4.el7
  • H
Deserialization of Untrusted Data

<0:0.28.0-2.el7