The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Apache Kafka

Netty: overload via ZlibDecoders
An attacker can trigger an overload via ZlibDecoders of Netty, in order to trigger a denial of service...
CVE-2020-11612, DLA-2364-1, DSA-2020-135, RHSA-2020:3495-01, RHSA-2020:3496-01, RHSA-2020:3497-01, RHSA-2020:3501-01, VIGILANCE-VUL-32168

Apache log4j: Man-in-the-Middle via SmtpAppender
An attacker can act as a Man-in-the-Middle via SmtpAppender on Apache log4j, in order to read or write data in the session...
cpujul2020, cpuoct2020, CVE-2020-9488, VIGILANCE-VUL-32095

FasterXML jackson-databind: privilege escalation via xbean-reflect/JNDI
An attacker can bypass restrictions via xbean-reflect/JNDI of FasterXML jackson-databind, in order to escalate his privileges...
CVE-2020-8840, DLA-2111-1, K15320518, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, RHSA-2020:3637-01, RHSA-2020:3638-01, RHSA-2020:3639-01, RHSA-2020:3642-01, VIGILANCE-VUL-31653

Apache Kafka Connect: information disclosure via Tasks Endpoint Plaintext Secrets
An attacker can bypass access restrictions to data via Tasks Endpoint Plaintext Secrets of Apache Kafka Connect, in order to obtain sensitive information...
CVE-2019-12399, VIGILANCE-VUL-31314

FasterXML jackson-databind: code execution via com.zaxxer.hikari.HikariDataSource Deserialization
An attacker can use a vulnerability via com.zaxxer.hikari.HikariDataSource Deserialization of jackson-databind, in order to run code...
cpuoct2020, CVE-2019-16335, DLA-1943-1, DSA-4542-1, FEDORA-2019-b171554877, NTAP-20191004-0002, RHSA-2020:0159-01, RHSA-2020:0160-01, RHSA-2020:0161-01, RHSA-2020:0164-01, RHSA-2020:0445-01, RHSA-2020:1644-01, VIGILANCE-VUL-30500

FasterXML jackson-databind: code execution via com.zaxxer.hikari.HikariConfig Deserialization
An attacker can use a vulnerability via com.zaxxer.hikari.HikariConfig Deserialization of jackson-databind, in order to run code...
cpuoct2020, CVE-2019-14540, DLA-1943-1, DSA-4542-1, FEDORA-2019-b171554877, NTAP-20191004-0002, RHSA-2020:0159-01, RHSA-2020:0160-01, RHSA-2020:0161-01, RHSA-2020:0164-01, RHSA-2020:0445-01, RHSA-2020:1644-01, VIGILANCE-VUL-30499

Apache Kafka: privilege escalation via Produce Request
An attacker can bypass restrictions via Produce Request of Apache Kafka, in order to escalate his privileges...
CVE-2018-17196, VIGILANCE-VUL-29749

Eclipse Jetty: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Eclipse Jetty, in order to run JavaScript code in the context of the web site...
6344071, 6344075, cpuapr2020, cpujan2020, cpujul2020, CVE-2019-10241, CVE-2019-10246, CVE-2019-10247, NTAP-20190509-0003, VIGILANCE-VUL-29106

Apache Kafka: denial of service via Metadata Spamming Requests
An attacker can trigger a fatal error via Metadata Spamming Requests of Apache Kafka, in order to trigger a denial of service...
VIGILANCE-VUL-28571

Apache Kafka: denial of service via Data Replication
An attacker can generate a fatal error via Data Replication of Apache Kafka, in order to trigger a denial of service...
CVE-2018-1288, VIGILANCE-VUL-26851