CVE-2022-25897 The package org.eclipse.milo:sdk-server before 0.6.8 is vulnerable to Denial of Service when sending CloseSession requests with the 'deleteSubscription' parameter set to False.
This issue does not affect installations using MELOS. The update package has been updated on the download site. Update packages have been pushed to the
CVE-2022-39838 ALFAFX 2.4.0.25 allows remote file inclusion and path traversal.
This can be used to read or write to any file on the system that the attacker has permission to access. ALFAFX is especially dangerous
CVE-2022-29063 The Solr plugin is configured to make an RMI request on localhost port 1099.
When executing a remote query, the server, by default, listens for connections on all local endpoints, and if an attacker, on the same subnet, is
CVE-2022-37021 Apache Geode versions 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization flaw when using JMX over RMI on Java 8.
The serial filter is enabled by default on all new installations of Apache Geode. Users who wish to avoid any possible data attack on existing
CVE-2022-37023 Apache Geode is vulnerable to a deserialization flaw when using REST API on Java 8 or 11.
Apache Geode 1.15.0 and later releases no longer support the deprecated "spring-data-jpa" dependency. Apache Geode 1.15 and later releases no