Computer vulnerabilities of Apache Kafka

Netty: overload via ZlibDecoders
An attacker can trigger an overload via ZlibDecoders of Netty, in order to trigger a denial of service...
cpuapr2021, CVE-2020-11612, DLA-2364-1, DSA-2020-135, DSA-4885-1, RHSA-2020:3495-01, RHSA-2020:3496-01, RHSA-2020:3497-01, RHSA-2020:3501-01, USN-4600-2, VIGILANCE-VUL-32168

Apache log4j: Man-in-the-Middle via SmtpAppender
An attacker can act as a Man-in-the-Middle via SmtpAppender on Apache log4j, in order to read or write data in the session...
6371652, cpujan2021, cpujul2020, cpuoct2020, CVE-2020-9488, VIGILANCE-VUL-32095

FasterXML jackson-databind: privilege escalation via xbean-reflect/JNDI
An attacker can bypass restrictions via xbean-reflect/JNDI of FasterXML jackson-databind, in order to escalate his privileges...
CVE-2020-8840, DLA-2111-1, K15320518, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, RHSA-2020:3637-01, RHSA-2020:3638-01, RHSA-2020:3639-01, RHSA-2020:3642-01, VIGILANCE-VUL-31653

Apache Kafka Connect: information disclosure via Tasks Endpoint Plaintext Secrets
An attacker can bypass access restrictions to data via Tasks Endpoint Plaintext Secrets of Apache Kafka Connect, in order to obtain sensitive information...
CVE-2019-12399, VIGILANCE-VUL-31314

FasterXML jackson-databind: code execution via com.zaxxer.hikari.HikariDataSource Deserialization
An attacker can use a vulnerability via com.zaxxer.hikari.HikariDataSource Deserialization of jackson-databind, in order to run code...
cpuoct2020, CVE-2019-16335, DLA-1943-1, DSA-4542-1, FEDORA-2019-b171554877, NTAP-20191004-0002, RHSA-2020:0159-01, RHSA-2020:0160-01, RHSA-2020:0161-01, RHSA-2020:0164-01, RHSA-2020:0445-01, RHSA-2020:1644-01, VIGILANCE-VUL-30500

FasterXML jackson-databind: code execution via com.zaxxer.hikari.HikariConfig Deserialization
An attacker can use a vulnerability via com.zaxxer.hikari.HikariConfig Deserialization of jackson-databind, in order to run code...
cpuoct2020, CVE-2019-14540, DLA-1943-1, DSA-4542-1, FEDORA-2019-b171554877, NTAP-20191004-0002, RHSA-2020:0159-01, RHSA-2020:0160-01, RHSA-2020:0161-01, RHSA-2020:0164-01, RHSA-2020:0445-01, RHSA-2020:1644-01, VIGILANCE-VUL-30499

Apache Kafka: privilege escalation via Produce Request
An attacker can bypass restrictions via Produce Request of Apache Kafka, in order to escalate his privileges...
CVE-2018-17196, VIGILANCE-VUL-29749

Eclipse Jetty: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Eclipse Jetty, in order to run JavaScript code in the context of the web site...
6344071, 6344075, cpuapr2020, cpuapr2021, cpujan2020, cpujan2021, cpujul2020, CVE-2019-10241, CVE-2019-10246, CVE-2019-10247, NTAP-20190509-0003, VIGILANCE-VUL-29106

Apache Kafka: denial of service via Metadata Spamming Requests
An attacker can trigger a fatal error via Metadata Spamming Requests of Apache Kafka, in order to trigger a denial of service...
VIGILANCE-VUL-28571

Apache Kafka: denial of service via Data Replication
An attacker can generate a fatal error via Data Replication of Apache Kafka, in order to trigger a denial of service...
CVE-2018-1288, VIGILANCE-VUL-26851

Our database contains other pages. You can request a free trial to read them.

Display information about Apache Kafka:

http://kafka.apache.org/