CVE-2022-37435 Insecure permissions allow low-privilege administrators to modify high-privilege administrator's passwords.
It has been discovered that Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue
CVE-2022-1319 - Double Response Packet in Undertow’s AJP Connection Handling (with Exploit Details)
Let's break down CVE-2022-1319, a notable flaw discovered in the Undertow web server – the core HTTP engine for Red Hat JBoss EAP 7
CVE-2022-37021 Apache Geode versions 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization flaw when using JMX over RMI on Java 8.
The serial filter is enabled by default on all new installations of Apache Geode. Users who wish to avoid any possible data attack on existing
CVE-2022-37023 Apache Geode is vulnerable to a deserialization flaw when using REST API on Java 8 or 11.
Apache Geode 1.15.0 and later releases no longer support the deprecated "spring-data-jpa" dependency. Apache Geode 1.15 and later releases no
CVE-2022-37022 Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization flaw when using JMX over RMI on Java 11.
Apache Geode 1.15 was released on May 23, 2019. Apache Geode 1.15 is not yet available on any release channels. You can install