Every CVE whose affected-product data names Apache Bookkeeper, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2019-17571 — CVSS 9.8 (critical): Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely…
CVE-2017-6891 — CVSS 8.8 (high): Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a…
CVE-2019-19906 — CVSS 7.5 (high): cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a…
CVE-2020-36230 — CVSS 7.5 (high): A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c…
CVE-2020-23922 — CVSS 7.1 (high): An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.
CVE-2022-32531 — CVSS 5.9 (medium): The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname…
CVE-2019-19924 — CVSS 5.3 (medium): SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect…