Vulnerabilities > Apache > Bookkeeper

DATE CVE VULNERABILITY TITLE RISK
2022-12-15 CVE-2022-32531 Improper Certificate Validation vulnerability in Apache Bookkeeper
The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails.
network
high complexity
apache CWE-295
5.9
2021-04-21 CVE-2020-23922 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in giflib through 5.1.4.
local
low complexity
giflib-project apache CWE-125
7.1
2021-01-26 CVE-2020-36230 Reachable Assertion vulnerability in multiple products
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
network
low complexity
openldap debian apple apache CWE-617
7.5
2019-12-24 CVE-2019-19924 Improper Handling of Exceptional Conditions vulnerability in multiple products
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c.
network
low complexity
sqlite siemens apache oracle netapp CWE-755
5.3
2019-12-20 CVE-2019-17571 Deserialization of Untrusted Data vulnerability in multiple products
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data.
network
low complexity
apache debian canonical opensuse netapp oracle CWE-502
critical
9.8
2019-12-19 CVE-2019-19906 Off-by-one Error vulnerability in multiple products
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet.
7.5
2017-05-22 CVE-2017-6891 Out-of-bounds Write vulnerability in multiple products
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g.
network
low complexity
gnu debian apache CWE-787
8.8