pkg:Debian/activemq

43 total CVEsCRITICAL5HIGH17MEDIUM16LOW2

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2023-46604⚠ KEVApache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
    from 0, < 5.16.1-1+deb11u1
  • CRITICAL9.8CVE-2016-3088⚠ KEVImproper Input Validation in Apache ActiveMQ
    from 0, < 5.14.0+dfsg-1
  • HIGH8.8CVE-2026-34197⚠ KEVApache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
    from 0
  • CRITICAL9.8CVE-2014-3600Improper Restriction of XML External Entity Reference in Apache ActiveMQ
    from 0, < 5.6.0+dfsg1-4
  • CRITICAL9.8CVE-2015-5254activemq - security update
    from 0, < 5.6.0+dfsg-1+deb7u2
  • CRITICAL9.8CVE-2015-5254activemq - security update
    from 0, < 5.13.2+dfsg-1
  • HIGH8.8CVE-2026-49157Incorrect Default Permissions vulnerability in Apache ActiveMQ.
    from 0
  • HIGH8.8CVE-2026-45505Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache Active…
    from 0
  • HIGH8.8CVE-2026-41044Apache ActiveMQ Vulnerable to Code Injection
    from 0
  • HIGH8.8CVE-2026-40466Apache ActiveMQ Vulnerable to Improper Input Validation and Code Injection
    from 0
  • HIGH8.8CVE-2022-41678Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE
    from 0, < 5.16.1-1+deb11u1
  • HIGH8.8CVE-2022-41678Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE
    from 0, < 5.16.1-1+deb11u1
  • HIGH8.8CVE-2022-41678Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE
    from 0, < 5.17.2+dfsg-2+deb12u1
  • HIGH8.1CVE-2026-42588Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache Active…
    from 0
  • HIGH7.5CVE-2026-39304Apache ActiveMQ: Denial of Service via Out of Memory vulnerability
    from 0
  • HIGH7.5CVE-2025-27533Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation
    from 0, < 5.16.1-1+deb11u2
  • HIGH7.5CVE-2025-27533Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation
    from 0, < 5.16.1-1+deb11u2
  • HIGH7.5CVE-2014-3576activemq - security update
    from 0, < 5.6.0+dfsg1-4+deb8u1
  • HIGH7.5CVE-2014-3576activemq - security update
    from 0, < 5.6.0+dfsg-1+deb7u1
  • HIGH7.5CVE-2021-26117ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind
    from 0, < 5.16.1-1
  • HIGH7.5CVE-2019-0222mqtt-client - security update
    from 0, < 5.15.9-1
  • HIGH7.4CVE-2018-11775Improper Certificate Validation in Apache activemq-client
    from 0, < 5.15.6-1
  • MEDIUM6.5CVE-2026-41043Apache ActiveMQ Vulnerable to Cross-site Scripting
    from 0
  • MEDIUM6.1CVE-2026-42253Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web.
    from 0
  • MEDIUM6.1CVE-2016-6810Improper Neutralization of Input During Web Page Generation Apache ActiveMQ
    from 0, < 5.14.2+dfsg-1
  • MEDIUM6.1CVE-2020-13947Cross-site scripting (XSS) in Apache ActiveMQ
    from 0, < 5.16.1-1
  • MEDIUM6.1CVE-2020-1941Apache ActiveMQ webconsole admin GUI is open to XSS
    from 0, < 5.16.0-1
  • MEDIUM6.1CVE-2018-8006Apache ActiveMQ web console vulnerable to Cross-site Scripting
    from 0, < 5.15.6-1
  • MEDIUM5.9CVE-2026-49270Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All.
    from 0
  • MEDIUM5.9CVE-2020-13920activemq - security update
    from 0, < 5.14.3-3+deb9u1
  • MEDIUM5.9CVE-2020-13920activemq - security update
    from 0, < 5.15.16-0+deb10u1
  • MEDIUM5.9CVE-2020-13920activemq - security update
    from 0, < 5.16.0-1
  • MEDIUM5.4CVE-2025-66168Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated
    from 0
  • MEDIUM5.4CVE-2016-0782Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
    from 0, < 5.13.2+dfsg-1
  • MEDIUM4.9CVE-2015-7559activemq - security update
    from 0, < 5.6.0+dfsg-1+deb7u3
  • MEDIUM4.9CVE-2015-7559activemq - security update
    from 0, < 5.14.3-3
  • MEDIUM4.3CVE-2026-46605Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing d…
    from 0
  • MEDIUM4.3CVE-2026-33227Apache ActiveMQ: Improper validation and restriction of a classpath path name
    from 0
  • LOW3.7CVE-2017-15709activemq - security update
    from 0, < 5.15.3-1
  • LOW3.7CVE-2017-15709activemq - security update
    from 0, < 5.14.3-3+deb9u2
  • CVE-2011-4905Denial of Service in Apache ActiveMQ
    from 0, < 5.5.0+dfsg-5
  • CVE-2015-6524Improper Input Validation in Apache ActiveMQ
    from 0, < 5.6.0+dfsg1-4
  • CVE-2014-3612Improper Authentication in Apache WSS4J
    from 0, < 5.6.0+dfsg1-4