Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20236 | 3 Fedoraproject, Redhat, Zeromq | 4 Fedora, Ceph Storage, Enterprise Linux and 1 more | 2022-08-05 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
CVE-2014-7202 | 1 Zeromq | 1 Zeromq | 2017-09-07 | 4.3 MEDIUM | N/A |
stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. | |||||
CVE-2014-7203 | 1 Zeromq | 1 Zeromq | 2017-09-07 | 4.3 MEDIUM | N/A |
libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. | |||||
CVE-2014-9721 | 1 Zeromq | 1 Zeromq | 2017-01-02 | 4.3 MEDIUM | N/A |
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. |