Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quorum vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2023-44981
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.c...
Apache Zookeeper 3.9.0
Apache Zookeeper
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
9.1
CVSSv3
CVE-2021-23005
On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which have reached End of Software Dev...
F5 Big-iq Centralized Management
9.1
CVSSv3
CVE-2020-3158
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote malicious user to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a def...
Cisco Smart Software Manager On-prem
1 Article
8.1
CVSSv3
CVE-2021-37447
In NCH Quorum v2.03 and previous versions, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.
Nchsoftware Quorum
7.5
CVSSv3
CVE-2022-31198
OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affe...
Openzeppelin Contracts
Openzeppelin Contracts Upgradeable
1 Github repository
7.5
CVSSv3
CVE-2021-22995
On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are ...
F5 Big-iq Centralized Management
7.5
CVSSv3
CVE-2018-8012
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper prior to 3.4.10, and 3.5.0-alpha up to and including 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the lead...
Apache Zookeeper 3.5.3
Apache Zookeeper 3.5.0
Apache Zookeeper
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Oracle Goldengate Stream Analytics
6.5
CVSSv3
CVE-2021-37445
In NCH Quorum v2.03 and previous versions, an authenticated user can use directory traversal via logprop?file=/.. for file reading.
Nchsoftware Quorum
5.5
CVSSv3
CVE-2021-37452
NCH Quorum v2.03 and previous versions allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.
Nch Quorum
5.4
CVSSv3
CVE-2021-37464
In NCH Quorum v2.03 and previous versions, XSS exists via Conference Description (stored).
Nchsoftware Quorum
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »