Lucene search
+L

46 matches found

nessus
nessus
added 2022/02/18 12:0 a.m.69 views

openSUSE 15 Security Update : kafka (openSUSE-SU-2022:0038-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0038-1 advisory. - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration...

9.8CVSS8.7AI score0.81147EPSS
Exploits10References13
redhat
redhat
added 2022/02/15 6:54 p.m.5 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

9.8CVSS7AI score0.66537EPSS
Exploits1References5
oraclelinux
oraclelinux
added 2022/02/08 12:0 a.m.81 views

log4j security update

0:1.2.17-18 - Fix Unsafe deserialization flaw in Chainsaw log viewer - Fix SQL injection when application is configured to use JDBCAppender - Fix remote code execution when application is configured to use JMSSink - Resolves: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302...

9.8CVSS2.7AI score0.66537EPSS
Exploits1
nessus
nessus
added 2022/02/08 12:0 a.m.171 views

RHEL 6 / 7 : log4j (RHSA-2022:0442)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0442 advisory. Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fixes: log4j: SQL injection in Log...

9.8CVSS8.6AI score0.66537EPSS
Exploits1References8
cloudlinux
cloudlinux
added 2022/02/03 8:1 p.m.186 views

Fix of CVE: CVE-2022-23305

CVE-2022-23305: disable JDBCAppender by default. Add optional parameter for enabling it...

9.8CVSS1.7AI score0.66537EPSS
Exploits1References1
nessus
nessus
added 2022/01/28 12:0 a.m.62 views

SUSE SLES12 Security Update : log4j (SUSE-SU-2022:0212-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0212-1 advisory. - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. bsc1194844 - CVE-2022-23305: Fix SQL injection by...

9.8CVSS7.6AI score0.66537EPSS
Exploits1References10
nessus
nessus
added 2022/01/28 12:0 a.m.60 views

openSUSE 15 Security Update : log4j (openSUSE-SU-2022:0214-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0214-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...

9.8CVSS8.8AI score0.66537EPSS
Exploits1References10
nessus
nessus
added 2022/01/28 12:0 a.m.55 views

SUSE SLES15 Security Update : log4j (SUSE-SU-2022:0214-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0214-1 advisory. - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. bsc1194844 -...

9.8CVSS7.6AI score0.66537EPSS
Exploits1References10
nessus
nessus
added 2022/01/27 12:0 a.m.66 views

SUSE SLES11 Security Update : log4j (SUSE-SU-2022:14881-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14881-1 advisory. - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. bsc1194844 -...

9.8CVSS7.6AI score0.66537EPSS
Exploits1References10
nessus
nessus
added 2022/01/27 12:0 a.m.66 views

Oracle Linux 8 : parfait:0.5 (ELSA-2022-0290)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0290 advisory. - Obsolete remove vulnerable versions of log4j12 NVR 1.2.17-23 when upgrading to parfait 0.5.4-4 CVE-2021-4104 Tenable has extracted the preceding...

9.8CVSS7.5AI score0.81147EPSS
Exploits10References5
redhat
redhat
added 2022/01/26 2:48 p.m.75 views

Important: Red Hat Security Advisory: parfait:0.5 security update

An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.5AI score0.81147EPSS
Exploits10References6
github
github
added 2022/01/21 11:26 p.m.204 views

SQL Injection in Log4j 1.2.x

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

9.8CVSS2.7AI score0.66537EPSS
Exploits1References8Affected Software2
cnvd
cnvd
added 2022/01/20 12:0 a.m.39 views

Apache log4j Chainsaw deserialization code execution vulnerability

Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j Chainsaw is vulnerable to deserialized code execution. The vulnerability stems from insufficient cleanup of user-supplied data in JDBCAppender in a non-default configuration with JDBCAppender enabled. A...

9CVSS3.8AI score0.52458EPSS
Exploits0References1
cnvd
cnvd
added 2022/01/20 12:0 a.m.43 views

Apache Log4j SQL Injection Vulnerability

Apache Log4j, a Java-based open source logging tool from the Apache Foundation, is vulnerable to SQL injection, which stems from a JDBCAppender in Log4j 1.2.x that accepts a SQL statement as a configuration parameter, where the value to be inserted is from the PatternLayout's converter. The messa...

9.8CVSS1.6AI score0.66537EPSS
Exploits1References1
veracode
veracode
added 2022/01/19 12:47 p.m.83 views

SQL Injection

JDBCAppender in Log4j is vulnerable to SQL Injection. An attacker is able to execute arbitrary SQL commands via entering crafted strings into input fields and headers where the values to be inserted are converters from PatternLayout...

9.8CVSS9.8AI score0.66537EPSS
Exploits1References6Affected Software93
redhatcve
redhatcve
added 2022/01/18 4:16 p.m.68 views

CVE-2022-23305

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

9.8CVSS3.5AI score0.66537EPSS
Exploits1References4
nvd
nvd
added 2022/01/18 4:15 p.m.22 views

CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

9.8CVSS0.66537EPSS
Exploits1References6
osv
osv
added 2022/01/18 4:15 p.m.5 views

DEBIAN-CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

9.8CVSS7.8AI score0.66537EPSS
Exploits1References1
prion
prion
added 2022/01/18 4:15 p.m.39 views

Design/Logic Flaw

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

6.8CVSS9.6AI score0.66537EPSS
Exploits1References6Affected Software26
ubuntucve
ubuntucve
added 2022/01/18 4:15 p.m.54 views

CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

9.8CVSS6.9AI score0.66537EPSS
Exploits1References6
Rows per page
Query Builder