Lucene search
ApacheBookkeeper

7 matches found

CVE
added 2019/12/20 4:1 p.m., 1068 views

CVE-2019-17571

CVE-2019-17571 affects the Apache Log4j 1.x SocketServer: it deserializes serialized log events from untrusted network input without proper whitelisting, enabling remote code execution when combined with a deserialization gadget. Affected are Log4j 1.2 up to 1.2.17; exploitation hinges on receivi...

9.8 CVSS, 8.8 AI score, 0.28502 EPSS

CVE
added 2019/12/19 5:39 p.m., 338 views

CVE-2019-19906

CVE-2019-19906 affects Cyrus SASL 2.1.27 (and related builds) with an out-of-bounds write in _sasl_add_string in common.c, leading to unauthenticated remote denial-of-service when processing malformed LDAP packets (used by OpenLDAP in the chain). Remediation is to upgrade to a patched Cyrus SASL ...

7.5 CVSS, 7.5 AI score, 0.00481 EPSS

CVE
added 2021/01/25 9:43 a.m., 290 views

CVE-2020-36230

CVE-2020-36230 is an OpenLDAP flaw (pre-2.4.57) causing an assertion failure in slapd during X.509 DN parsing in decode.c ber_next_element, leading to denial of service. Affected: OpenLDAP before 2.4.57. Mitigation: upgrade to OpenLDAP 2.4.57 or later (as indicated by OpenLDAP advisories and link...

7.5 CVSS, 7.4 AI score, 0.03549 EPSS

CVE
added 2019/12/24 3:53 p.m., 223 views

CVE-2019-19924

CVE-2019-19924 affects SQLite 3.30.1 with faulty error handling in sqlite3WindowRewrite() during parser-tree rewriting (expr.c, vdbeaux.c, window.c). The connected Astra Linux note reproduces the vulnerability description, and IBM CP4S remediation states CP4S 1.9.0 fixes this by upgrading from CP...

5.3 CVSS, 6.9 AI score, 0.06298 EPSS

CVE
added 2017/05/22 7:0 p.m., 216 views

CVE-2017-6891

CVE-2017-6891 affects libtasn1 (GnuTLS libtasn1) with two errors in asn1_find_node() in lib/parser_aux.c of version 4.10 that can be triggered by processing a specially crafted assignments file (e.g., via asn1Coding). This can cause a stack-based buffer overflow and allow arbitrary code execution...

8.8 CVSS, 8.5 AI score, 0.01587 EPSS

CVE
added 2022/12/15 10:17 a.m., 95 views

CVE-2022-32531

The CVE-2022-32531 issue affects the Apache Bookkeeper Java Client. Affected software: BookKeeper Java Client prior to versions 4.14.6 and 4.15.0. Root cause: the client does not close the connection to the bookkeeper server when TLS hostname verification fails, enabling a potential MITM conditio...

5.9 CVSS, 5.5 AI score, 0.00798 EPSS

CVE
added 2021/04/21 5:41 p.m., 84 views

CVE-2020-23922

CVE-2020-23922 is a vulnerability in giflib up to version 5.1.4 where the function DumpScreen2RGB in gif2rgb.c performs a heap-based buffer over-read. Connected sources (OSV, CNVD, NVD, ALAS advisories) confirm the issue and its impact attribution to giflib 5.1.4 and earlier. The vulnerability i...

7.1 CVSS, 6.8 AI score, 0.02118 EPSS