CVE-2022-37021 Apache Geode versions 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization flaw when using JMX over RMI on Java 8.
The serial filter is enabled by default on all new installations of Apache Geode. Users who wish to avoid any possible data attack on existing
CVE-2022-37023 Apache Geode is vulnerable to a deserialization flaw when using REST API on Java 8 or 11.
Apache Geode 1.15.0 and later releases no longer support the deprecated "spring-data-jpa" dependency. Apache Geode 1.15 and later releases no
CVE-2022-37022 Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization flaw when using JMX over RMI on Java 11.
Apache Geode 1.15 was released on May 23, 2019. Apache Geode 1.15 is not yet available on any release channels. You can install
CVE-2022-36553 The blacklist version of the T-HYtec Inter HWL-2511-SS had a command injection vulnerability.
This version is vulnerable to a command injection attack where an attacker can inject malicious commands into the running web server. This may be leveraged
CVE-2022-0718 A flaw was found in python-oslo-utils
This flaw applies to the Python 2.7 and 3.4 versions of the package. It was responsibly disclosed to the security team and fixed
Episode
00:00:00
00:00:00