279 matches found
Astra Linux - уязвимость в linux-5.15, linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: hwrng: geode – Fixed the PCI device reference count leak issue. The function foreachpcidev is implemented through pcigetdevice. The comment accompanying pcigetdevice states that it will increase the reference count of the...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013795)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013795 advisory. In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010805)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010805 advisory. In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The...
CVE-2026-2818
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only...
com.netflix.ndbench:ndbench-cli (>=0.3.12 <=0.7.4), com.netflix.ndbench:ndbench-geode-plugins (>=0.3.5 <=0.7.4) +35 more potentially affected by CVE-2026-2818 via org.springframework.data:spring-data-geode (>=1.0.0.INCUBATING-RELEASE <=2.7.5)
org.springframework.data:spring-data-geode MAVEN version =1.0.0.INCUBATING-RELEASE, =0.3.12, =0.3.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =3.0.0, =3.2.1...
CVE-2026-2818
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only...
CVE-2026-2818 Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only...
CVE-2026-2818
CVE-2026-2818 describes a zip-slip path traversal in Spring Data Geode’s import snapshot functionality, affecting Windows environments. The issue allows writing files outside the intended extraction directory during snapshot extraction, with impact described as confidentiality: Low , integrity: H...
CVE-2026-2818 Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only...
Spring Data Geode 安全漏洞
Spring Data Geode is a software developed by Spring for configuring, operating, and accessing distributed data management systems. There is a security vulnerability in Spring Data Geode, which stems from a Zip Slip path traversal vulnerability in the import snapshot function. This vulnerability...
PT-2026-21245
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only...
CVE-2026-2817
Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of...
Creation of Temporary File in Directory with Insecure Permissions
Overview Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the use of an insecure temporary directory during snapshot import operations. An attacker can access sensitive information by reading files from the temporary...
com.netflix.ndbench:ndbench-cli (>=0.3.12 <=0.7.4), com.netflix.ndbench:ndbench-geode-plugins (>=0.3.5 <=0.7.4) +35 more potentially affected by CVE-2026-2817 via org.springframework.data:spring-data-geode (>=1.0.0.INCUBATING-RELEASE <=2.7.5)
org.springframework.data:spring-data-geode MAVEN version =1.0.0.INCUBATING-RELEASE, =0.3.12, =0.3.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =3.0.0, =3.2.1...
CVE-2026-2817 Spring Data Geode Insecure Temporary Directory Usage
Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of...
CVE-2026-2817
CVE-2026-2817 affects Spring Data Geode. The issue arises from using an insecure directory during snapshot imports: archives are extracted to predictable, overly permissive locations in the system temp directory. On shared hosts, a local user with basic privileges can access another user’s extrac...
CVE-2026-2817 Spring Data Geode Insecure Temporary Directory Usage
Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of...
PT-2026-20882
Name of the Vulnerable Software and Affected Versions Spring Data Geode affected versions not specified Description The software has a flaw related to insecure directory usage during snapshot imports. Specifically, archives are extracted into predictable and overly permissive directories within t...
Spring Data Geode 安全漏洞
Spring Data Geode is a software developed by Spring for configuring, operating, and accessing distributed data management systems. There is a security vulnerability in Spring Data Geode, which stems from the use of an insecure directory during the snapshot import process. Archives are stored in a...
CVE-2022-37021
Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. ...