Vulnerabilities > Apache > Zookeeper > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-21 | CVE-2018-8012 | Missing Authorization vulnerability in multiple products No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. | 7.5 |
| 2017-10-10 | CVE-2017-5637 | Missing Authentication for Critical Function vulnerability in multiple products Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. | 7.5 |
| 2016-09-21 | CVE-2016-5017 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Zookeeper Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string. | 8.1 |