147 matches found
Microsoft Windows Local Security Authority Subsystem Service Security Vulnerability
The Microsoft Windows Local Security Authority Subsystem Service is an internal Microsoft program that runs Windows system security policies. It authenticates users when they log on to a standalone computer or server, manages user password changes, and generates access tokens. It also leaves...
CVE-2022-0070
Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to...
CVE-2021-3100
The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges...
Design/Logic Flaw
Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to...
Code injection
The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges...
CVE-2022-0070
CVE-2022-0070 concerns an issue in the Apache Log4j 2.x hotpatch package (log4j-cve-2021-44228-hotpatch) used on Amazon Linux platforms. The connected advisories describe a race condition in hotpatch versions prior to 1.3-5 that could enable local privilege escalation, by the hotpatcher executing...
CVE-2021-3100
Technical details for CVE-2021-3100 are not publicly provided in the supplied documents. Monitor for updates from connected sources to obtain affected products, root cause, impact, and remediations.
CVE-2021-3100 Log4j hot patch package privilege escalation
The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges...
Apache Log4j Security Vulnerability
Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Amazon Linux log4j-cve-2021-44228-hotpatch version 1.1-12 previously had a security vulnerability that stemmed from the Apache Log4j hotpatch package prior to log4j-cve-2021-44228-hotpatch-1.1-12 not mimicking the...
Amazon Linux Security Vulnerability
Amazon Linux AMI is a supported and maintained Linux image provided by Amazon Web Services for Amazon Elastic Compute Cloud (Amazon EC2). A security vulnerability exists in Amazon Linux 1 and Amazon Linux 2 that stems from an incomplete fix in the log4j-cve-2021-44228-hotpatch...
PT-2022-2393 · Apache · Log4J
Name of the Vulnerable Software and Affected Versions: Apache Log4j versions prior to log4j-cve-2021-44228-hotpatch-1.1-13 Description: The issue is related to insecure privilege management in the Log4j Java logging program. It allows an attacker to escalate their privileges. Recommendations: For...
Amazon Linux 2 : log4j-cve-2021-44228-hotpatch (ALAS-2022-1773)
The version of log4j-cve-2021-44228-hotpatch installed on the remote host is prior to 1.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1773 advisory. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic...
Important: log4j-cve-2021-44228-hotpatch
Issue Overview: The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to. In order to mimic the Linux capabilities of the target process, Amazon Linu...
Amazon Linux AMI : log4j-cve-2021-44228-hotpatch (ALAS-2022-1580)
The version of log4j-cve-2021-44228-hotpatch installed on the remote host is prior to 1.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1580 advisory. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic...
February 8, 2022—Hotpatch KB5010456 (OS Build 20348.525)
February 8, 2022—Hotpatch KB5010456 (OS Build 20348.525). Improvements and fixes: This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. If you installed earlier updates, only the new fixes contained in this packag...
Microsoft Hyper-V Resource Management Error Vulnerability
Microsoft Hyper-V is a hypervisor-based virtualization technology from Microsoft Corporation (USA) that enables desktop virtualization. Microsoft Hyper-V is vulnerable to a resource management error. The following products and editions are affected: Windows 10 Version 1809 for...
Important: log4j-cve-2021-44228-hotpatch
Issue Overview: The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-13 will now explicitly mimic the permissions of the JVM attempting to be updated. Affected Packages: log4j-cve-2021-44228-hotpatch Note: This advisory is applicable to Amazon Linux 2 AL2 Core...