Apache Geode

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-47410 | Affected: >= 1.10.0 and < 1.15.2 | Score: 8.8 HIGH
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an atta

CVE-2024-44088 | Affected: >= 1.1.0 and < 1.15.2 | Score: 6.1 MEDIUM
Malicious script injection ('Cross-site Scripting') vulnerability in Apache Geode web-api (REST). This vulnerability allows an at

CVE-2022-34870 | Affected: <= 1.15.0 | Score: 5.4 MEDIUM
Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web applicat

CVE-2022-37023 | Affected: < 1.15.0 | Score: 6.5 MEDIUM
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or

CVE-2022-37022 | Affected: <= 1.12.2 | Score: 8.8 HIGH
Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI o

CVE-2022-37021 | Affected: <= 1.12.5 | Score: 9.8 CRITICAL
Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX ov

CVE-2021-34797 | Affected: <= 1.12.4 | Score: 7.5 HIGH
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using valu

CVE-2019-10091 | Affected: all versions | Score: 7.4 HIGH
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of t

CVE-2019-14892 | Affected: all versions | Score: 9.8 CRITICAL
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deser

CVE-2020-1938 | Affected: all versions | Score: 9.8 CRITICAL
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats

CVE-2014-0048 | Affected: all versions | Score: 9.8 CRITICAL
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used i

CVE-2019-15752 | Affected: all versions | Score: 7.8 HIGH
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-

CVE-2017-15694 | Affected: >= 1.0.0 and <= 1.8.0 | Score: 6.5 MEDIUM
When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data r

CVE-2017-15695 | Affected: >= 1.0.0 and <= 1.4.0 | Score: 8.8 HIGH
When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is al

CVE-2017-15693 | Affected: < 1.4.0 | Score: 7.5 HIGH
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API

CVE-2017-15692 | Affected: < 1.4.0 | Score: 9.8 CRITICAL
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivile

CVE-2017-15696 | Affected: >= 1.0.0 and <= 1.3.0 | Score: 7.5 HIGH
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authoriz

CVE-2017-9796 | Affected: < 1.3.0 | Score: 5.3 MEDIUM
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode

CVE-2017-9795 | Affected: < 1.3.0 | Score: 7.5 HIGH
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode

CVE-2017-12622 | Affected: < 1.3.0 | Score: 7.1 HIGH
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using

CVE-2017-9797 | Affected: <= 1.2.0 | Score: 6.5 MEDIUM
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authenticat

CVE-2017-9794 | Affected: <= 1.2.0 | Score: 4.3 MEDIUM
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line ut

CVE-2017-5649 | Affected: <= 1.1.0 | Score: 7.5 HIGH
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticat
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin