Vulnerabilities > Apache > Zookeeper

DATE CVE VULNERABILITY TITLE RISK
2023-10-11 CVE-2023-44981 Authorization Bypass Through User-Controlled Key vulnerability in multiple products
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper.
network
low complexity
apache debian CWE-639
critical
9.1
2021-03-09 CVE-2021-21295 HTTP Request Smuggling vulnerability in multiple products
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
high complexity
netty netapp debian quarkus apache oracle CWE-444
5.9
2019-05-23 CVE-2019-0201 Missing Authorization vulnerability in multiple products
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta.
network
high complexity
apache debian redhat oracle netapp CWE-862
5.9
2018-05-21 CVE-2018-8012 Missing Authorization vulnerability in multiple products
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta.
network
low complexity
apache debian oracle CWE-862
7.5
2017-10-10 CVE-2017-5637 Missing Authentication for Critical Function vulnerability in multiple products
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests.
network
low complexity
apache debian CWE-306
7.5
2016-09-21 CVE-2016-5017 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Zookeeper
Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.
network
high complexity
apache CWE-119
8.1