7 matches found
EUVD-2022-1987
Malicious code in bioql PyPI...
Apache Geode information disclosure vulnerability
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...
CVE-2017-9796
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions...
Design/Logic Flaw
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...
CVE-2017-5649
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...
CVE-2017-5649
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...
CVE-2017-5649
CVE-2017-5649 affects Apache Geode prior to 1.1.1. When a cluster has security-manager enabled, remote authenticated users with CLUSTER:READ but not DATA:READ can access the data browser page in Pulse and run an OQL query, exposing data stored in the cluster. The vulnerability is demonstrated by ...