124 matches found
SUSE CVE-2024-8185
Vault Community and Vault Enterprise “Vault” clusters using Vault's Integrated Storage backend are vulnerable to a denial-of-service DoS attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vaul...
CVE-2023-31654
Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c...
CVE-2024-41169
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removin...
From Consensus to Chaos: A Vulnerability Assessment of the RAFT Algorithm
In recent decades, the RAFT distributed consensus algorithm has become a main pillar of the distributed systems ecosystem, ensuring data consistency and fault tolerance across multiple nodes. Although the fact that RAFT is well known for its simplicity, reliability, and efficiency, its security...
CVE-2025-26866
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...
Remote Code Execution (RCE)
org.apache.hugegraph, hg-pd-core is vulnerable to a Remote Code Execution. The vulnerability is due to insecure Hessian deserialization in the Raft cluster membership logic, where a malicious Raft node can send crafted objects that bypass type safety and trigger unsafe deserialization and attacke...
GHSA-Q37J-3367-FWV7 Apache HugeGraph-Server: RAFT and deserialization vulnerability
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via insecure Hessian deserialization in the PD store. An attacker can execute arbitrary code by sending maliciously crafted data from a compromised or rogue Raft node. Details Serialization is a process...
CVE-2025-26866 Apache HugeGraph-Server: RAFT and deserialization vulnerability
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...
MAL-2025-192382 Malicious code in raft-dask (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 030a53a896f5df53ae7114349ea26d0d00d132929f557c6b16ce9e2cdb217a0d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2025-201887
Malicious code in raft-dask PyPI...
Malicious code in raft-dask (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 030a53a896f5df53ae7114349ea26d0d00d132929f557c6b16ce9e2cdb217a0d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
PT-2025-50223
Name of the Vulnerable Software and Affected Versions Apache HugeGraph-Server versions prior to 1.7.0 Description A remote code execution issue exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict...
EUVD-2021-2035
Malware in sbrugna...
EUVD-2021-2552
Malware in sbrugna...
EUVD-2021-2037
Malware in sbrugna...
EUVD-2024-0421
Malicious code in bioql PyPI...
EUVD-2024-54778
Malicious code in bioql PyPI...
EUVD-2023-0749
Malicious code in bioql PyPI...
EUVD-2024-0243
Malicious code in bioql PyPI...