Lucene search
K

285 matches found

Cvelist
Cvelist
added 2017/10/02 1:0 p.m.21 views

CVE-2017-9797

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of...

6.5AI score0.01358EPSS
Exploits0References1
Veracode
Veracode
added 2017/10/02 10:4 a.m.20 views

Information Disclosure

geode-core is vulnerable to information disclosure. The library has a bug in the gfsh query pagination, causing gfsh queries to return sensitive information from a different user...

4.3CVSS6.1AI score0.01178EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/09/30 1:29 a.m.16 views

CVE-2017-9794

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...

4.3CVSS7AI score0.01178EPSS
Exploits0References1
NVD
NVD
added 2017/09/30 1:29 a.m.23 views

CVE-2017-9794

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...

4.3CVSS4.8AI score0.01178EPSS
Exploits0References1
Prion
Prion
added 2017/09/30 1:29 a.m.18 views

Command injection

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...

4CVSS7.3AI score0.01178EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/09/29 9:0 p.m.116 views

CVE-2017-9794

The CVE-2017-9794 entry describes an information-disclosure flaw in Apache Geode prior to version 1.2.1: when a cluster runs in secure mode, a user with read access to certain data regions can use the gfsh CLI to run queries, and query results may include data from another user’s concurrent gfsh ...

4.3CVSS4.8AI score0.01178EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2017/04/05 8:35 a.m.24 views

Information Disclosure

Geode-pulse is vulnerable to information disclosure. A malicious user that does not have DATA:READ permissions on a cluster but has CLUSTER:READ permissions on a cluster can access the data browser page in Pulse, allowing them to execute an OQL query to expose sensitive data in the cluster...

7.5CVSS7.2AI score0.02776EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/04/04 6:59 p.m.20 views

CVE-2017-5649

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...

7.5CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2017/04/04 6:59 p.m.18 views

Design/Logic Flaw

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...

4CVSS7.3AI score0.02776EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/04/04 6:59 p.m.22 views

CVE-2017-5649

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...

7.5CVSS7.3AI score0.02776EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/04/04 6:0 p.m.22 views

CVE-2017-5649

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...

7.3AI score0.02776EPSS
Exploits0References2
CVE
CVE
added 2017/04/04 6:0 p.m.67 views

CVE-2017-5649

CVE-2017-5649 affects Apache Geode prior to 1.1.1. When a cluster has security-manager enabled, remote authenticated users with CLUSTER:READ but not DATA:READ can access the data browser page in Pulse and run an OQL query, exposing data stored in the cluster. The vulnerability is demonstrated by ...

7.5CVSS7.2AI score0.02776EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/01/06 10:59 p.m.4 views

CVE-2016-9885

An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh Geode Shell endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are...

9.8CVSS5.8AI score0.01539EPSS
Exploits0References2
Veracode
Veracode
added 2016/12/05 8:24 a.m.6 views

Privilege Escalation

geode-core is vulnerable to privilege escalation. A malicious user can write a simple function to change the securityManager's settings to gain privileges to execute arbitrary code...

7.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.5 views

The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the xorg-x11-drv-geode-2.11.15 package in the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...

6.8CVSS5.4AI score0.01683EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.12 views

MDVA-2009:014 : drak3d

This update fixes several minor issues with drak3: - allow to show only installed WMs in interactive mode for finish-install - add --force option to force 3D desktop enabling even if not supported - check if system supports command line options before applying them - blacklist geode driver - do n...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.37 views

Ubuntu Update for linux-source-2.6.20 vulnerabilities USN-470-1

Ubuntu Update for Linux kernel vulnerabilities USN-470-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4701.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for linux-source-2.6.20 vulnerabilities USN-470-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

5CVSS7.7AI score0.02098EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.43 views

Ubuntu 7.04 : linux-source-2.6.20 vulnerabilities (USN-470-1)

USN-464-1 fixed several vulnerabilities in the Linux kernel. Some additional code changes were accidentally included in the Feisty update which caused trouble for some people who were not using UUID-based filesystem mounts. These changes have been reverted. We apologize for the inconvenience. For...

5CVSS5.6AI score0.02098EPSS
Exploits0References4
securityvulns
securityvulns
added 2007/06/11 12:0 a.m.270 views

Linux kernel multiple security vulnerabilities

Kernel memory content leak in cpuset and setsockopt. Weak PRNG generator. GEODE-AES weak encryption key generation...

5CVSS2AI score0.02098EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2007/06/11 12:0 a.m.98 views

[USN-470-1] Linux kernel vulnerabilities

=========================================================== Ubuntu Security Notice USN-470-1 June 08, 2007 linux-source-2.6.20 vulnerabilities CVE-2007-1353, CVE-2007-2451, CVE-2007-2453 =========================================================== A security issue affects the following Ubuntu...

5CVSS7.4AI score0.02098EPSS
Exploits0
Rows per page
Query Builder