14 matches found
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in multiple functions in the gRPC API layer, including MemberList and Compact. An attacker can gain unauthorized access to sensitive cluster operations and information, such as viewing cluster topology, disrupting...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in multiple functions in the gRPC API layer, including MemberList and Compact. An attacker can gain unauthorized access to sensitive cluster operations and information, such as viewing cluster topology, disrupting...
EUVD-2017-2251
Malware in sbrugna...
EUVD-2017-2270
Malware in sbrugna...
GHSA-95M2-P98F-24R5 Apache Geode unsafe deserialization of application objects
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are...
Apache Geode unsafe deserialization of application objects
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are...
Unauthorized Metadata Modification
Apache Geode is vulnerable to unauthorized metadata modification. This is due to a lack of proper validation of the permissions of a user who has write permissions for specific data regions. When Apache Geode is operating in secure mode, this allows the user to perform unauthorized metadata...
Unsafe Deserialization
geode-core is vulnerable to unsafe deserialization. If a malicious user has DATA:WRITE access to a cluster, they may be able to trigger remote code execution RCE attacks. These attacks can occur because the server stores data in its serialized form and some cluster operations and API invocations...
CVE-2017-15693
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are...
CVE-2017-15693
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are...
CVE-2017-15693
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are...
CVE-2017-10623
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to...
CVE-2017-10623
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to...
Authorization
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to...