Skip to main content

Bookkeeper

5 CVEs product

Monthly

CVE-2022-32531 LIB MEDIUM PATCH This Month

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Apache Information Disclosure Bookkeeper
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-19924 MEDIUM PATCH This Month

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sqlite Sinec Infrastructure Network Services Bookkeeper Mysql Workbench +1
NVD GitHub
CVSS 3.1
5.3
EPSS
7.9%
CVE-2019-17571 Maven CRITICAL PATCH GHSA Act Now

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.8%.

Deserialization RCE Log4J Debian Linux Ubuntu Linux +14
NVD VulDB
CVSS 3.1
9.8
EPSS
33.8%
CVE-2019-19906 HIGH POC PATCH This Week

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Cyrus Sasl Debian Linux Ubuntu Linux Fedora +15
NVD GitHub
CVSS 3.1
7.5
EPSS
8.0%
CVE-2017-6891 HIGH PATCH This Week

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libtasn1 Debian Linux Bookkeeper
NVD
CVSS 3.1
8.8
EPSS
1.2%
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Apache Information Disclosure +1
NVD
EPSS 8% CVSS 5.3
MEDIUM PATCH This Month

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sqlite Sinec Infrastructure Network Services +3
NVD GitHub
EPSS 34% CVSS 9.8
CRITICAL PATCH Act Now

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.8%.

Deserialization RCE Log4J +16
NVD VulDB
EPSS 8% CVSS 7.5
HIGH POC PATCH This Week

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Cyrus Sasl Debian Linux +17
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libtasn1 +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy