Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/06/19 4:57 a.m.29 views

CVE-2026-10720 MicroCeph path traversal issue in the remote-import API

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50835

Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...

5CVSS5.9AI score0.00208EPSS
Exploits0References13
OSV
OSV
added 2022/05/14 3:47 a.m.23 views

GHSA-H22R-H77W-2G5F Apache Geode gfsh authorization vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...

7.1CVSS6.6AI score0.02075EPSS
Exploits3References3
Github Security Blog
Github Security Blog
added 2022/05/14 3:47 a.m.20 views

Apache Geode gfsh authorization vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...

7.1CVSS1.9AI score0.02075EPSS
Exploits3References4Affected Software1
CNVD
CNVD
added 2018/01/12 12:0 a.m.4 views

Apache Geode cluster information disclosure vulnerability

Apache Geode cluster is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. An information disclosure vulnerability exists in Apache Geode cluster. An attacker could exploit this...

7.1CVSS6.3AI score0.02075EPSS
Exploits3References1
Veracode
Veracode
added 2018/01/10 8:3 a.m.26 views

Unauthorized Access

geode-core is vulnerable to unauthorized access through gfsh authorization. The vulnerability exists as a user who is connected using the to the Geode cluster, using gfsh tool over HTTP, is able to read status information as well as control cluster members even without CLUSTER:MANAGE privileges...

7.1CVSS6.5AI score0.02075EPSS
Exploits3References5Affected Software1
NVD
NVD
added 2018/01/10 3:29 a.m.20 views

CVE-2017-12622

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...

7.1CVSS6.7AI score0.02075EPSS
Exploits3References1
Rows per page
Query Builder