Geode
This hub aggregates every CVE we track for Geode, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 24
- Critical: 5
- High: 12
- In CISA KEV: 2
Severity distribution
HIGH 12, MEDIUM 7, CRITICAL 5
Monthly trend
[Chart: 2024-08 to 2026-07]
Latest CVEs
The 15 most recently published vulnerabilities affecting Geode.
- CVE-2025-47410: Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system (8.8)
- CVE-2024-44088: Apache Geode: Reflected XSS (6.1)
- CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application (5.4)
- CVE-2022-37023: Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11 (6.5)
- CVE-2022-37022: Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 11 (8.8)
- CVE-2022-37021: Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 8. (9.8)
- CVE-2021-34797: Apache Geode project log file redaction of sensitive information vulnerability (7.5)
- CVE-2019-15752: Vulnerability in Docker Desktop for Windows, a platform for developing and delivering containerized applications, related to incorrect assignment of permissions for the file docker-credential-wincred.exe, allowing an attacker to escalate their privileges (7.5)
- CVE-2019-10091: When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This co... (7.4)
- CVE-2019-14892: A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and ... (9.8)
- CVE-2020-1938: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar... (KEV, 9.8)
- CVE-2014-0048: An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. (9.8)
- CVE-2019-15752: Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a l... (KEV, 7.8)
- CVE-2017-15694: When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could... (6.5)
- CVE-2017-15695: When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This a... (8.8)
Product normalization is registry-driven with AI assist and human review.