thrift vulnerabilities and exploits
NA
CVE-2023-20887
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
Vmware Vrealize Network Insight
4 Github repositories
1 Article
670
VMScore
CVE-2021-38294
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x before 2.2.1 and Apache Storm 1.x before 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
Apache Storm
436
VMScore
CVE-2021-35521
A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices prior to 2.6.2 allows remote authenticated malicious users to achieve denial of services and information disclosure via TCP/IP packets.
Idemia Morphowave Compact Mdpi Firmware
Idemia Morphowave Compact Mdpi-m Firmware
Idemia Visionpass Mdpi Firmware
Idemia Visionpass Mdpi-m Firmware
Idemia Visionpass Md Firmware -
Idemia Morphowave Compact Md Firmware -
801
VMScore
CVE-2021-35522
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices prior to 2.6.2, Sigma devices prior to 4.9.4, and MA VP MD devices prior to 4.9.7 allows remote malicious users to achieve code execution, denial of services, and information disclos...
Idemia Morphowave Compact Mdpi Firmware
Idemia Morphowave Compact Mdpi-m Firmware
Idemia Visionpass Mdpi Firmware
Idemia Visionpass Mdpi-m Firmware
Idemia Visionpass Md Firmware -
Idemia Morphowave Compact Md Firmware -
Idemia Sigma Lite Firmware -
Idemia Sigma Lite+ Firmware -
Idemia Sigma Wide Firmware -
Idemia Sigma Extreme Firmware -
Idemia Ma Vp Md Firmware -
409
VMScore
CVE-2021-35520
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices prior to 2.6.2 allows physically proximate authenticated malicious users to achieve code execution, denial of services, and information disclosure via serial ports.
Idemia Morphowave Compact Mdpi Firmware
Idemia Morphowave Compact Mdpi-m Firmware
Idemia Visionpass Mdpi Firmware
Idemia Visionpass Mdpi-m Firmware
668
VMScore
CVE-2021-24028
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
445
VMScore
CVE-2020-13949
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Apache Thrift
Apache Hive
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
Oracle Communications Cloud Native Core Policy 1.14.0
445
VMScore
CVE-2019-11939
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This i...
Facebook Thrift
445
VMScore
CVE-2019-11938
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This iss...
Facebook Thrift
445
VMScore
CVE-2019-3553
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issu...
Facebook Thrift