cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-22116,https://securityvulnerability.io/vulnerability/CVE-2021-22116,,RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.,Vmware,RabbitMQ,7.5,HIGH,0.0011899999808520079,false,false,false,false,,false,false,2021-06-08T11:23:58.000Z,0
CVE-2021-22117,https://securityvulnerability.io/vulnerability/CVE-2021-22117,,"RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.",Vmware,RabbitMQ,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-05-18T12:47:11.000Z,0
CVE-2020-5419,https://securityvulnerability.io/vulnerability/CVE-2020-5419,RabbitMQ arbitrary code execution using local binary planting,RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.,Vmware Tanzu,RabbitMQ,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2020-08-31T15:15:00.000Z,0
CVE-2014-9649,https://securityvulnerability.io/vulnerability/CVE-2014-9649,,"Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.",Vmware,RabbitMQ,,,0.0022899999748915434,false,false,false,false,,false,false,2015-01-27T17:00:00.000Z,0
CVE-2014-9650,https://securityvulnerability.io/vulnerability/CVE-2014-9650,,CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.,Vmware,RabbitMQ,,,0.0036200000904500484,false,false,false,false,,false,false,2015-01-27T17:00:00.000Z,0