Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache thrift vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-11798
The Apache Thrift Node.js static web server in versions 0.9.2 up to and including 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.
Apache Thrift
7.5
CVSSv3
CVE-2020-13949
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Apache Thrift
Apache Hive
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
Oracle Communications Cloud Native Core Policy 1.14.0
7.5
CVSSv3
CVE-2019-0210
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.
Apache Thrift
Redhat Jboss Enterprise Application Platform 7.2.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
7.5
CVSSv3
CVE-2019-0205
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language ...
Apache Thrift
Redhat Jboss Enterprise Application Platform 7.2.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
7.5
CVSSv3
CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 up to and including 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in...
Apache Thrift
Debian Debian Linux 8.0
F5 Traffix Signaling Delivery Controller
Oracle Global Lifecycle Management Opatch
Oracle Nosql Database
9.8
CVSSv3
CVE-2021-38294
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x before 2.2.1 and Apache Storm 1.x before 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
Apache Storm
8.1
CVSSv3
CVE-2018-8025
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be conside...
Apache Hbase 0.92.0
Apache Hbase
7.5
CVSSv3
CVE-2017-5652
During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the approp...
Apache Impala 2.7.0
Apache Impala 2.8.0
9.8
CVSSv3
CVE-2023-20887
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
Vmware Vrealize Network Insight
1 Metasploit module
4 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started