Lucene search
K

287 matches found

vulnersOsv
vulnersOsv
added 2022/05/14 3:37 a.m.4 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-15696 via org.apache.geode:geode-core (>=1.10.0 <=1.3.0)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.16.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-15696 Source advisory: OSV:GHSA-G569-49WG-JX5F...

7.5CVSS7.1AI score0.02043EPSS
Exploits0
OSV
OSV
added 2022/05/14 3:37 a.m.15 views

GHSA-G569-49WG-JX5F Apache Geode configuration request authorization vulnerability

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

7.5CVSS7.4AI score0.02043EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 3:37 a.m.35 views

Apache Geode configuration request authorization vulnerability

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

7.5CVSS7.2AI score0.02043EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/14 3:35 a.m.4 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-15693 via org.apache.geode:geode-core (>=1.10.0 <=1.3.0)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.16.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-15693 Source advisory: OSV:GHSA-95M2-P98F-24R5...

7.5CVSS7AI score0.02516EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 3:35 a.m.4 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-15692 via org.apache.geode:geode-core (>=1.10.0 <=1.3.0)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.16.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-15692 Source advisory: OSV:GHSA-W395-HPQ9-7XWR...

9.8CVSS7.2AI score0.04872EPSS
Exploits0
OSV
OSV
added 2022/05/14 3:35 a.m.26 views

GHSA-95M2-P98F-24R5 Apache Geode unsafe deserialization of application objects

In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are...

7.5CVSS7.8AI score0.02516EPSS
Exploits0References4
OSV
OSV
added 2022/05/14 3:35 a.m.21 views

GHSA-W395-HPQ9-7XWR Apache Geode unsafe deserialization in TcpServer

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath...

9.8CVSS9.7AI score0.04872EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/14 3:35 a.m.25 views

Apache Geode unsafe deserialization in TcpServer

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath...

9.8CVSS9.4AI score0.04872EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 3:35 a.m.25 views

Apache Geode unsafe deserialization of application objects

In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are...

7.5CVSS7.8AI score0.02516EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/14 12:57 a.m.8 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-9795 via org.apache.geode:geode-core (>=1.10.0 <=1.2.1)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-9795 Source advisory: OSV:GHSA-6M68-3W55-6MX4...

7.5CVSS7.1AI score0.04177EPSS
Exploits0
OSV
OSV
added 2022/05/14 12:57 a.m.28 views

GHSA-6M68-3W55-6MX4 Apache Geode OQL method invocation vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote cod...

7.5CVSS7.7AI score0.04177EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 12:57 a.m.26 views

Apache Geode OQL method invocation vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote cod...

7.5CVSS4.1AI score0.04177EPSS
Exploits0References6Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/13 1:48 a.m.4 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +59 more potentially affected by CVE-2017-9797 via org.apache.geode:geode-core (>=1.10.0 <=1.2.0)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-9797 Source advisory: OSV:GHSA-VH98-FQFC-4HJ3...

6.5CVSS6.5AI score0.01358EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/13 1:48 a.m.24 views

Apache Geode vulnerable to Exposure of Sensitive Information

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of...

6.5CVSS3.8AI score0.01358EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/13 1:18 a.m.6 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-15695 via org.apache.geode:geode-core (>=1.10.0 <=1.4.0)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.16.0, =1.14.0, =1.4.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-15695 Source advisory: OSV:GHSA-JMG4-X4VP-6C6X...

8.8CVSS7.2AI score0.0264EPSS
Exploits0
OSV
OSV
added 2022/05/13 1:18 a.m.25 views

GHSA-JMG4-X4VP-6C6X Apache Geode vulnerable to Incorrect Authorization

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privileg...

8.8CVSS9AI score0.0264EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2022/05/13 1:18 a.m.25 views

Apache Geode vulnerable to Incorrect Authorization

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privileg...

8.8CVSS8.9AI score0.0264EPSS
Exploits0References13Affected Software1
vulnersOsv
vulnersOsv
added 2022/02/10 8:51 p.m.7 views

com.netflix.ndbench:ndbench-cli (>=0.3.12 <=0.7.4), com.netflix.ndbench:ndbench-geode-plugins (>=0.3.5 <=0.7.4) +9 more potentially affected by CVE-2019-10091 via org.apache.geode:geode-core (>=1.0.0-incubating <=1.0.0-incubating.M3)

org.apache.geode:geode-core MAVEN version =1.0.0-incubating, =0.3.12, =0.3.5, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating.M2, =1.0.0-incubating, =1.0.0-incubating, =1.0.0.APACHE-GEODE-INCUBATING-M2, =1.0.0.INCUBATING-RELEASE Source cves: CVE-2019-10091 Source advisory:...

7.4CVSS7.1AI score0.01383EPSS
Exploits0
OSV
OSV
added 2022/02/10 8:51 p.m.21 views

GHSA-WC4X-4GM2-74J8 Apache Geode SSL endpoint verification vulnerability

When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...

7.4CVSS7.2AI score0.01383EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/02/10 8:51 p.m.70 views

Apache Geode SSL endpoint verification vulnerability

When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...

7.4CVSS6.9AI score0.01383EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder