CVE-2022-37023 Apache Geode is vulnerable to a deserialization flaw when using REST API on Java 8 or 11.
Apache Geode 1.15.0 and later releases no longer support the deprecated "spring-data-jpa" dependency. Apache Geode 1.15 and later releases no
CVE-2022-37022 Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization flaw when using JMX over RMI on Java 11.
Apache Geode 1.15 was released on May 23, 2019. Apache Geode 1.15 is not yet available on any release channels. You can install
CVE-2021-4125 The fix for log4j CVE-2021-44228 and CVE-2021-45046 was incomplete, as some JndiLookup.class files were not removed.
It does not affect OpenShift Enterprise or the standalone OpenShift Enterprise command line interface (CLI) application. The fix for this issue will be included in
CVE-2022-38663 Jenkins Git Plugin 4.11.4 and earlier does not properly mask credentials in the build log.
As a result, a user with the required credentials could potentially find the credentials for another user due to the presence of an overlap between
CVE-2022-2053 - Undertow AJP DoS Vulnerability via Malicious POST Requests
Published: June 2022
Fixed in: Undertow 2.2.19.Final, 2.3..Alpha2
Severity: Moderate
CWE: CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
CVE
Episode
00:00:00
00:00:00