29 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in zookeeper-3.8.4.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in zookeeper-3.8.4.jar Vulnerability Details CVEID:CVE-2026-24281 DESCRIPTION: Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable due to improper permission check vulnerability in Zookeeper (CVE-2025-58457)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable due to improper permission check vulnerability in Zookeeper Vulnerability Details CVEID:CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and resto...
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.14.0 release and security update
Red Hat AMQ Broker 7.14.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
CLEANSTART-2026-ND57973 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0
Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...
Apache ZooKeeper 3.8.x < 3.8.6 / 3.9.x < 3.9.5 Multiple Vulnerabilities
The version of Apache ZooKeeper listening on the remote host is 3.8.x prior to 3.8.6 or 3.9.x prior to 3.9.5. It is, therefore, affected by multiple vulnerabilities: - Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information stored in client...
au.csiro.pathling:encoders (>=7.2.0 <=9.6.0), au.csiro.pathling:fhir-server (=7.2.0) +1279 more potentially affected by CVE-2026-24308 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.4)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =2.2.3 and more Source cves: CVE-2026-24308 Source advisory: OSV:GHSA-CRHR-QQJ8-RPXC...
au.csiro.pathling:encoders (>=7.2.0 <=9.6.0), au.csiro.pathling:fhir-server (=7.2.0) +1279 more potentially affected by CVE-2026-24281 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.4)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =2.2.3 and more Source cves: CVE-2026-24281 Source advisory: OSV:GHSA-7XRH-HQFC-G7QR...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +1199 more potentially affected by CVE-2026-24281 via org.apache.zookeeper:zookeeper (>=3.8.0 <=3.8.5)
org.apache.zookeeper:zookeeper MAVEN version =3.8.0, =3.10.0.5, =0.1.0, =0.2.6, =0.0.33, =0.0.82, =0.0.33, =0.0.33, =0.0.33, =0.6.2, =0.6.0, =0.7.1 and more Source cves: CVE-2026-24281 Source advisory: OSV:GHSA-7XRH-HQFC-G7QR...
au.csiro.pathling:encoders (>=7.2.0 <=9.6.0), au.csiro.pathling:fhir-server (=7.2.0) +1279 more potentially affected by CVE-2026-24308 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.4)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =2.2.3 and more Source cves: CVE-2026-24308 Source advisory:...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +1199 more potentially affected by CVE-2026-24308 via org.apache.zookeeper:zookeeper (>=3.8.0 <=3.8.5)
org.apache.zookeeper:zookeeper MAVEN version =3.8.0, =3.10.0.5, =0.1.0, =0.2.6, =0.0.33, =0.0.82, =0.0.33, =0.0.33, =0.0.33, =0.6.2, =0.6.0, =0.7.1 and more Source cves: CVE-2026-24308 Source advisory: OSV:GHSA-CRHR-QQJ8-RPXC...
ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10) +5201 more potentially affected by CVE-2026-24308 via org.apache.zookeeper:zookeeper (>=3.5.2-alpha <=3.8.5)
org.apache.zookeeper:zookeeper MAVEN version =3.5.2-alpha, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.20.0, =0.21.0 and more Source cves: CVE-2026-24308 Source advisory: SNYK:JAVA-ORGAPACHEZOOKEEPER-15443353...
CVE-2026-24281
CVE-2026-24281 affects Apache ZooKeeper’s ZKTrustManager, where hostname verification falls back to reverse DNS (PTR) when IP SAN validation fails. An attacker who controls or spoofs PTR records and can present a certificate trusted by ZKTrustManager could impersonate ZooKeeper servers or clients...
Security Bulletin: Vulnerability in zookeeper affects IBM Netezza Appliance
Summary The zookeeper package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-58457 Vulnerability Details CVEID:CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore...
EUVD-2022-6622
Malicious code in bioql PyPI...
au.csiro.pathling:encoders (>=7.2.0 <=9.6.0), au.csiro.pathling:fhir-server (=7.2.0) +1166 more potentially affected by CVE-2025-58457 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.3)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =2.2.3 and more Source cves: CVE-2025-58457 Source advisory:...
Security Bulletin: Vulnerability in Apache ZooKeeper affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Apache ZooKeeper has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in zookeeper
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of zookeeper Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent watchers handling...
club.dawdler:dawdler-client-plug-discovery-center-zookeeper (>=0.0.1-jdk1.8-RELEASES <=0.1.1-jdk21-RELEASES), club.dawdler:dawdler-discovery-center-zookeeper-core (>=0.0.1-jdk1.8-RELEASES <=0.1.1-jdk21-RELEASES) +898 more potentially affected by CVE-2024-51504 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.2)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =15.0-RELEASE, =15.0-RELEASE, =2.03-RELEASE, =3.3.0.4.0.6, =3.3.0.4.0.5, =3.0.7.0-SNAPSHOT-a030c50, =3.0.8.0-SNAPSHOT-16a7bc...
cn.aradin:aradin-cluster-zookeeper-starter (>=1.1.1 <=1.1.2), cn.aradin:aradin-lucene-solr-starter (>=1.1.1 <=1.1.2) +522 more potentially affected by CVE-2024-23944 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.1)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =15.1-RELEASE, =15.0-RELEASE, =2.03-RELEASE, =3.3.0.4.0.6, =3.3.0.4.0.5, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.10 and more Source cves: CVE-2024-23944 Source advisory:...
Vulnerability fixed in Apache Zookeeper
The Apache Foundation has fixed a vulnerability in Zookeeper. A malicious party could exploit the vulnerability to gain access gain access to data within Zookeeper. The vulnerability is in the way peer authentication takes place. For successful misuse, the malicious party must be able to be able ...