
5238 matches found

OSV
added 2022/01/11 8:42 p.m., 2 views

USN-5222-1 apache-log4j2 vulnerabilities

It was discovered that Apache Log4j 2 was vulnerable to remote code execution (RCE) attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. A remote attacker could possibly use this issue to cause a crash, leading to a denial of service. CVE-2021-44832 Hideki Okamoto and Guy...

CVSS: 8.5, AI score: 6.8, EPSS: 0.74016
Exploits: 22, References: 3
OSV
added 2022/01/11 12:27 p.m., 4 views

CLSA-2022-1641904053 Fix of 14 CVEs

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

CVSS: 9.8, AI score: 6, EPSS: 0.0204
Exploits: 10, References: 1
CloudLinux
added 2022/01/11 12:27 p.m., 44 views

Fix of 14 CVEs

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

CVSS: 9.8, AI score: 4.1, EPSS: 0.0204
Exploits: 10, References: 1
Microsoft CVE
added 2022/01/11 8:0 a.m., 2 views

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file which would cause hivex to recursively call the _get_children() function leading to a stack overflow. The highest threat from this vulnerability is to system availability.

...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00583
Exploits: 1
OSV
added 2022/01/11 7:50 a.m., 4 views

OPENSUSE-SU-2022:0043-1 Security update for systemd

This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. bsc1194178...

CVSS: 5.5, AI score: 5.4, EPSS: 0.00022
Exploits: 1, References: 5
UbuntuCve
added 2022/01/10 12:0 a.m., 67 views

CVE-2021-3997

A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp...

CVSS: 5.5, AI score: 7, EPSS: 0.00022
Exploits: 1, References: 2
CNNVD
added 2022/01/10 12:0 a.m., 2 views

extend2 security vulnerability

extend2 is a simple function for extending objects. Derived from node-extend, the difference is that deep cloning overwrites the array with the original array. extend2 suffers from a security vulnerability that stems from an unsafe recursive merge...

CVSS: 9.8, AI score: 8.3, EPSS: 0.00502
Exploits: 1, References: 5
OSV
added 2022/01/06 6:31 p.m., 111 views

GHSA-3QPM-H9CH-PX3C Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library

Summary The version used of Log4j, the library used for logging by PowerNukkit, is subject to a remote code execution vulnerability via the ldap JNDI parser. It's well detailed at CVE-2021-44228 and CVE-2021-45105 https://github.com/advisories/GHSA-p6xc-xr62-6r2g. Impact Malicious client code coul...

CVSS: 10, AI score: 9.3
Exploits: 0, References: 2
Github Security Blog
added 2022/01/06 6:31 p.m., 65 views

Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library

Summary The version used of Log4j, the library used for logging by PowerNukkit, is subject to a remote code execution vulnerability via the ldap JNDI parser. It's well detailed at CVE-2021-44228 and CVE-2021-45105 https://github.com/advisories/GHSA-p6xc-xr62-6r2g. Impact Malicious client code coul...

AI score: 3
Exploits: 0, References: 2, Affected Software: 1
BDU FSTEC
added 2022/01/04 12:0 a.m., 1 views

The vulnerability of the Bluetooth DHT traffic analyzer service in Wireshark allows a hacker to cause a service failure.

The vulnerability of the Bluetooth DHT traffic analyzer service in Wireshark stems from an uncontrolled recursion. Exploiting this vulnerability allows a malicious actor to cause a service failure by injecting specially created packets...

CVSS: 7.8, EPSS: 0.00663
Exploits: 1, References: 8, Affected Software: 4
IBM Security Bulletins
added 2021/12/31 2:47 a.m., 27 views

Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Spectrum Scale (CVE-2021-45105, CVE-2021-45046)

Summary Multiple vulnerabilities in Apache Log4j could allow an attacker to execute arbitrary code and denial of service on the system because the library is used by the Graphical User Interface (GUI) of IBM Spectrum Scale. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is...

CVSS: 10, AI score: 0.5, EPSS: 0.94358
Exploits: 346, Affected Software: 1
Debian
added 2021/12/30 10:19 p.m., 33 views

[SECURITY] [DLA 2872-1] agg security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2872-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk December 31, 2021 https://wiki.debian.org/LTS -...

CVSS: 8.8, AI score: 8.8, EPSS: 0.00614
Exploits: 1
Tenable Nessus
added 2021/12/30 12:0 a.m., 48 views

Debian DLA-2852-1 : apache-log4j2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2852 advisory. Several security vulnerabilities were found in Apache Log4j2, a Logging Framework for Java, which could lead to a denial of service or information disclosure...

CVSS: 5.9, AI score: 7.6, EPSS: 0.74016
Exploits: 20, References: 8
OSV
added 2021/12/29 3:25 p.m., 3 views

CLSA-2021-1640791516 Fix CVE(s): CVE-2021-45078, CVE-2018-12700

SECURITY UPDATE: - debian/patches/CVE-2018-12700.patch: fix infinite recursion. - debian/patches/CVE-2021-45078.patch: fix heap-based buffer overflow. - CVE-2018-12700, CVE-2021-45078...

CVSS: 7.8, AI score: 6.9, EPSS: 0.00159
Exploits: 1, References: 1
OSV
added 2021/12/29 3:10 p.m., 4 views

CLSA-2021-1640790635 Fixed 14 CVEs in binutils

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

CVSS: 9.8, AI score: 6.9, EPSS: 0.0204
Exploits: 10, References: 1
CloudLinux
added 2021/12/29 3:9 p.m., 94 views

Fix of CVE: CVE-2021-45078, CVE-2018-9138, CVE-2018-17985, CVE-2018-12641, CVE-2018-12699, CVE-2018-12698, CVE-2018-12697, CVE-2018-12700, CVE-2018-18484, CVE-2018-18701, CVE-2018-12934, CVE-2018-18700, CVE-2018-17794, CVE-2018-18483

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

CVSS: 7.5, AI score: 4.1, EPSS: 0.0204
Exploits: 10, References: 1
OSV
added 2021/12/27 4:8 p.m., 3 views

CLSA-2021-1640621287 Fix of 36 CVEs

CVE-2018-6323: Fix unsigned integer overflow - CVE-2018-19931: Fix heap-based buffer overflow in bfd_elf32_swap_phdr_in - CVE-2018-6543: Fix integer overflow - CVE-2018-20671: Fix integer overflow vulnerability - CVE-2018-6759: Fix segmentation fault - CVE-2018-7208: Fix segmentation fault -...

CVSS: 7.8, AI score: 6.9, EPSS: 0.09327
Exploits: 26, References: 1
Tenable Nessus
added 2021/12/27 12:0 a.m., 63 views

FreeBSD : OpenSearch -- Log4Shell (d1be3d73-6737-11ec-9eea-589cfc007716)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d1be3d73-6737-11ec-9eea-589cfc007716 advisory. - Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 did not protect from uncontrolled...

CVSS: 5.9, AI score: 7.3, EPSS: 0.74016
Exploits: 20, References: 3
OSV
added 2021/12/23 9:15 p.m., 1 views

DEBIAN-CVE-2021-3622

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry hive file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00583
Exploits: 1, References: 1
OSV
added 2021/12/23 9:15 p.m., 1 views

AZL-7096 CVE-2021-3622 affecting package hivex for versions less than 1.3.21-1

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry hive file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00583
Exploits: 1, References: 1