Lucene search
K

13 matches found

Wolfi
Wolfi
added 2025/03/15 10:43 a.m.30 views

CVE-2018-1320 vulnerabilities

Vulnerabilities for packages: druid...

7.5CVSS7.1AI score0.08188EPSS
Exploits0
Chainguard
Chainguard
added 2025/03/15 10:12 a.m.29 views

CVE-2018-1320 vulnerabilities

Vulnerabilities for packages: druid...

7.5CVSS7.8AI score0.08188EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/05 8:54 p.m.23 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache Thrift security bypass vulnerability[ CVE-2018-1320]

Summary Potential Apache Thrift security bypass vulnerability CVE-2018-1320 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2018-1320...

7.5CVSS7.5AI score0.08188EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/13 8:2 a.m.44 views

Security Bulletin: Multiple vulnerabilities in libthrift affect IBM Application Performance Management products

Summary libthrift jar is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2018-1320 DESCRIPTION: Apache Thrift could allow a remote attacker to bypass security restrictions, caused by the disablement of an assert used to determine if the SASL handshake had...

7.8CVSS7.5AI score0.09082EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/22 5:49 p.m.53 views

Security Bulletin: IBM Integration Bus is vulnerable to a remote attack & denial of service due to Apache Thrift & Apache Commons Codec (CVE-2018-1320, CVE-2019-0205, IBM X-Force ID: 177835)

Summary IBM Integration Bus is vulnerable to a remote attack & denial of service due to Apache Thrift & Apache Commons Codec CVE-2018-1320, CVE-2019-0205, IBM X-Force ID: 177835. The fixes include libthrift 0.17.0 & commons-codec version 1.15 Vulnerability Details CVEID:CVE-2018-1320 DESCRIPTION:...

7.8CVSS7.8AI score0.09082EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2021/03/05 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for thrift (EulerOS-SA-2021-1457)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.09082EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for thrift (EulerOS-SA-2019-1458)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.08188EPSS
Exploits0References2
Debian
Debian
added 2019/02/06 8:42 p.m.144 views

[SECURITY] [DLA 1662-1] libthrift-java security update

Package : libthrift-java Version : 0.9.1-2+deb8u1 CVE ID : CVE-2018-1320 Debian Bug : 918736 It was discovered that it was possible to bypass SASL negotiation isComplete validation in libthrift-java, Java language support for the Apache Thrift software framework. An assert used to determine if th...

7.5CVSS7.5AI score0.08188EPSS
Exploits0
OpenVAS
OpenVAS
added 2019/02/06 12:0 a.m.63 views

Debian: Security Advisory (DLA-1662-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.08188EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/01/07 6:0 p.m.37 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

7.4AI score0.08188EPSS
Exploits0References25
CVE
CVE
added 2019/01/07 6:0 p.m.369 views

CVE-2018-1320

CVE-2018-1320 affects Apache Thrift: Java client library versions 0.5.0–0.11.0. The issue stems from an assert in TSaslTransport.isComplete that validates SASL handshakes; disabling this check can leave SASL negotiation validation incomplete, enabling a security bypass. Multiple connected sources...

7.5CVSS7.3AI score0.08188EPSS
Exploits0References25Affected Software1
Debian CVE
Debian CVE
added 2019/01/07 6:0 p.m.28 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

7.5CVSS7AI score0.08188EPSS
Exploits0
OSV
OSV
added 2019/01/07 5:29 p.m.11 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

7.5CVSS7.4AI score
Exploits0References25
Rows per page
Query Builder