285 matches found
CVE-2017-9797
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of...
Information Disclosure
geode-core is vulnerable to information disclosure. The library has a bug in the gfsh query pagination, causing gfsh queries to return sensitive information from a different user...
CVE-2017-9794
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...
CVE-2017-9794
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...
Command injection
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...
CVE-2017-9794
The CVE-2017-9794 entry describes an information-disclosure flaw in Apache Geode prior to version 1.2.1: when a cluster runs in secure mode, a user with read access to certain data regions can use the gfsh CLI to run queries, and query results may include data from another user’s concurrent gfsh ...
Information Disclosure
Geode-pulse is vulnerable to information disclosure. A malicious user that does not have DATA:READ permissions on a cluster but has CLUSTER:READ permissions on a cluster can access the data browser page in Pulse, allowing them to execute an OQL query to expose sensitive data in the cluster...
CVE-2017-5649
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...
Design/Logic Flaw
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...
CVE-2017-5649
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...
CVE-2017-5649
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...
CVE-2017-5649
CVE-2017-5649 affects Apache Geode prior to 1.1.1. When a cluster has security-manager enabled, remote authenticated users with CLUSTER:READ but not DATA:READ can access the data browser page in Pulse and run an OQL query, exposing data stored in the cluster. The vulnerability is demonstrated by ...
CVE-2016-9885
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh Geode Shell endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are...
Privilege Escalation
geode-core is vulnerable to privilege escalation. A malicious user can write a simple function to change the securityManager's settings to gain privileges to execute arbitrary code...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the xorg-x11-drv-geode-2.11.15 package in the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
MDVA-2009:014 : drak3d
This update fixes several minor issues with drak3: - allow to show only installed WMs in interactive mode for finish-install - add --force option to force 3D desktop enabling even if not supported - check if system supports command line options before applying them - blacklist geode driver - do n...
Ubuntu Update for linux-source-2.6.20 vulnerabilities USN-470-1
Ubuntu Update for Linux kernel vulnerabilities USN-470-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4701.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for linux-source-2.6.20 vulnerabilities USN-470-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Ubuntu 7.04 : linux-source-2.6.20 vulnerabilities (USN-470-1)
USN-464-1 fixed several vulnerabilities in the Linux kernel. Some additional code changes were accidentally included in the Feisty update which caused trouble for some people who were not using UUID-based filesystem mounts. These changes have been reverted. We apologize for the inconvenience. For...
Linux kernel multiple security vulnerabilities
Kernel memory content leak in cpuset and setsockopt. Weak PRNG generator. GEODE-AES weak encryption key generation...
[USN-470-1] Linux kernel vulnerabilities
=========================================================== Ubuntu Security Notice USN-470-1 June 08, 2007 linux-source-2.6.20 vulnerabilities CVE-2007-1353, CVE-2007-2451, CVE-2007-2453 =========================================================== A security issue affects the following Ubuntu...