703 matches found
CVE-2026-10532 vulnerabilities
Vulnerabilities for packages: zookeeper-fips, cassandra, cassandra-reaper, sonar-scanner-cli, apache-nifi, dependency-track-apiserver, management-api-for-apache-cassandra-4.0, nextflow, cassandra-fips, nacos, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.1,...
GHSA-JHQ6-GFMJ-V8FX vulnerabilities
Vulnerabilities for packages: zookeeper-fips, cassandra, cassandra-reaper, sonar-scanner-cli, apache-nifi, dependency-track-apiserver, management-api-for-apache-cassandra-4.0, nextflow, cassandra-fips, nacos, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.1,...
CVE-2026-9828 vulnerabilities
Vulnerabilities for packages: zookeeper-fips, sonarqube, cassandra, cassandra-reaper, ontop-fips, sonar-scanner-cli, management-api-for-apache-cassandra-4.0, nextflow, cassandra-fips, nacos, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.1, knative-kafka-broker-fip...
GHSA-P47F-322F-WHFH vulnerabilities
Vulnerabilities for packages: zookeeper-fips, sonarqube, cassandra, cassandra-reaper, ontop-fips, sonar-scanner-cli, management-api-for-apache-cassandra-4.0, nextflow, cassandra-fips, nacos, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.1, knative-kafka-broker-fip...
Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing
A flaw was found in Apache ZooKeeper. The ZKTrustManager component's hostname verification process can fall back to reverse DNS PTR lookup when IP Subject Alternative Name SAN validation fails. This vulnerability allows an attacker who can control or spoof PTR records to impersonate ZooKeeper...
Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values
A flaw was found in Apache ZooKeeper. Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information. This occurs when sensitive client configuration values are logged at an INFO level in the client's logfile. This vulnerability can lead to information...
GHSA-47QP-HQVX-6R3F vulnerabilities
Vulnerabilities for packages: zookeeper-fips, spark-fips, apache-nifi, druid, spark-kubernetes-operator, hadoop-client-modules, apache-hop, kafka-fips, hadoop-fips, spark, kafka, apache-hop-fips, tez, apache-camel-karavan-devmode, zookeeper, confluent-kafka, apache-pulsar, pinot-fips,...
GHSA-2R2C-CX56-8933 vulnerabilities
Vulnerabilities for packages: zookeeper-fips, spark-fips, apache-nifi, druid, spark-kubernetes-operator, hadoop-client-modules, apache-hop, kafka-fips, hadoop-fips, spark, kafka, apache-hop-fips, tez, apache-camel-karavan-devmode, zookeeper, confluent-kafka, apache-pulsar, pinot-fips,...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache ZooKeeper
Summary Multiple vulnerabilities in Apache ZooKeeper that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2026-24281 DESCRIPTION: Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing...
CVE-2026-11746
A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...
CVE-2026-11746
A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...
CVE-2026-11746
CVE-2026-11746 affects centraldogma-server versions prior to 0.84.0. If ZooKeeper replication is enabled without setting replication.secret, the server falls back to a hard-coded, publicly known secret that authenticates the embedded ZooKeeper ensemble. This allows an attacker with network access...
EUVD-2026-38207
A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...
ROOT-APP-MAVEN-CVE-2026-24308 CVE-2026-24308 in io.root.org.apache.zookeeper:zookeeper - Patched by Root
Root has patched CVE-2026-24308 in the io.root.org.apache.zookeeper:zookeeper package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-58457 CVE-2025-58457 in io.root.org.apache.zookeeper:zookeeper - Patched by Root
Root has patched CVE-2025-58457 in the io.root.org.apache.zookeeper:zookeeper package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-51504 CVE-2024-51504 in io.root.org.apache.zookeeper:zookeeper - Patched by Root
Root has patched CVE-2024-51504 in the io.root.org.apache.zookeeper:zookeeper package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-23944 CVE-2024-23944 in io.root.org.apache.zookeeper:zookeeper - Patched by Root
Root has patched CVE-2024-23944 in the io.root.org.apache.zookeeper:zookeeper package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-24281 CVE-2026-24281 in io.root.org.apache.zookeeper:zookeeper - Patched by Root
Root has patched CVE-2026-24281 in the io.root.org.apache.zookeeper:zookeeper package for Root:Maven. Multiple fixed versions available...
CLEANSTART-2026-AO11810 Netty is an asynchronous, event-driven network application framework
Multiple security vulnerabilities affect the apache-zookeeper package. Netty is an asynchronous, event-driven network application framework. See references for individual vulnerability details...
CLEANSTART-2026-HW72470 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4
Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...