Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache zookeeper vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2023-44981
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.c...
Apache Zookeeper 3.9.0
Apache Zookeeper
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
9.1
CVSSv3
CVE-2017-6711
A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote malicious user to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeepe...
Cisco Ultra Services Framework
8.8
CVSSv3
CVE-2021-25642
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache...
Apache Hadoop
1 Github repository
8.8
CVSSv3
CVE-2021-36162
Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rules are loaded into the configuration center (eg: Zookeeper, Nacos, ...) and retrieved by the customers when making a request in order to find the right end...
Apache Dubbo
1 Github repository
7.5
CVSSv3
CVE-2023-50298
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 up to and including 8.11.2, from 9.0.0 prior to 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "...
Apache Solr
7.5
CVSSv3
CVE-2021-29262
When starting Apache Solr versions before 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would ...
Apache Solr
7.5
CVSSv3
CVE-2018-8012
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper prior to 3.4.10, and 3.5.0-alpha up to and including 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the lead...
Apache Zookeeper 3.5.3
Apache Zookeeper 3.5.0
Apache Zookeeper
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Oracle Goldengate Stream Analytics
7.3
CVSSv3
CVE-2015-1836
Apache HBase 0.98 prior to 0.98.12.1, 1.0 prior to 1.0.1.1, and 1.1 prior to 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote malicious users to cause a denial of...
Ibm Infosphere Biginsights 3.0.0.2
Ibm Infosphere Biginsights 3.0.0.0
Ibm Infosphere Biginsights 3.0.0.1
Apache Hbase 0.98.1
Apache Hbase 0.98.9
Apache Hbase 0.98.2
Apache Hbase 0.98.4
Apache Hbase 0.98.11
Apache Hbase 0.98.3
Apache Hbase 0.98.8
Apache Hbase 0.98.10
Apache Hbase 0.98.7
Apache Hbase 0.98.6.1
Apache Hbase 0.98.5
Apache Hbase 0.98.12
Apache Hbase 0.98.10.1
Apache Hbase 0.98.6
Apache Hbase 0.98.0
5.9
CVSSv3
CVE-2021-21295
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request ...
Netty Netty
Netapp Oncommand Workflow Automation -
Netapp Oncommand Api Services -
Debian Debian Linux 10.0
Quarkus Quarkus
Apache Kudu
Apache Zookeeper 3.5.9
Oracle Communications Cloud Native Core Policy 1.14.0
1 Github repository
5.9
CVSSv3
CVE-2019-0201
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string...
Apache Zookeeper 3.5.3
Apache Zookeeper 3.5.0
Apache Zookeeper
Apache Zookeeper 3.5.1
Apache Zookeeper 3.5.2
Apache Zookeeper 3.5.4
Apache Drill 1.16.0
Apache Activemq 5.15.9
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Fuse 1.0.0
Oracle Goldengate Stream Analytics
Oracle Siebel Core - Server Framework
Oracle Timesten In-memory Database
Netapp Hci Bootstrap Os -
Netapp Element Software -
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »