Lucene search
+L

33 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Apache Log4j1.2

CVE-2020-9493 identified a deserialization issue present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, and the same issue still exists there...

9CVSS7.5AI score0.52458EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-30300

Malware in sbrugna...

9.8CVSS8.3AI score0.04612EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-0575

Malicious code in bioql PyPI...

9CVSS7.5AI score0.52458EPSS
Exploits0References40
redhatcve
redhatcve
added 2025/05/22 3:44 p.m.12 views

CVE-2020-9493

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...

9.8CVSS6.8AI score0.04612EPSS
Exploits0References1
nessus
nessus
added 2023/11/06 12:0 a.m.53 views

Rocky Linux 8 : parfait:0.5 (RLSA-2022:0290)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0290 advisory. - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacke...

9.8CVSS8.7AI score0.81147EPSS
Exploits10References9
nessus
nessus
added 2023/04/06 12:0 a.m.56 views

Amazon Linux AMI : log4j (ALAS-2023-1718)

The version of log4j installed on the remote host is prior to 1.2.17-16.14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1718 advisory. A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to...

9.8CVSS8.2AI score0.66537EPSS
Exploits1References8
susecve
susecve
added 2023/02/15 4:0 a.m.5 views

SUSE CVE-2020-9493

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...

9.8CVSS8.5AI score0.04612EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 3:28 a.m.5 views

SUSE CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

8.1CVSS7.6AI score0.52458EPSS
Exploits0References13
nessus
nessus
added 2022/05/23 12:0 a.m.87 views

Oracle Linux 6 : log4j (ELSA-2022-9419)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9419 advisory. - Fix CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2017-5645 Tenable has extracted the preceding description block directly from the Oracle Linu...

9.8CVSS7.6AI score0.8904EPSS
Exploits3References5
atlassian
atlassian
added 2022/04/08 4:20 p.m.414 views

Update Log4J to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302

CVE-2022-23305 Customers that have JDBCAppender configured may be vulnerable to SQL Injection attacks Change Summary: Removed JDBCAppender thus no longer allowing customers to use. CVE-2022-23307 / CVE-2020-9493 Unsafe deserialization issue present in Apache Chainsaw that was bundled in log4j1...

9.8CVSS9.9AI score0.66537EPSS
Exploits1
nessus
nessus
added 2022/03/11 12:0 a.m.60 views

AlmaLinux 8 : parfait:0.5 (ALSA-2022:0290)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0290 advisory. log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender CVE-2022-23305 log4j: Unsafe deserialization flaw in Chainsaw log...

9.8CVSS8.4AI score0.81147EPSS
Exploits10References5
nessus
nessus
added 2022/02/21 12:0 a.m.159 views

Amazon Linux 2 : log4j (ALAS-2022-1750)

The version of log4j installed on the remote host is prior to 1.2.17-18. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1750 advisory. A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to...

9.8CVSS8.2AI score0.66537EPSS
Exploits1References7
nessus
nessus
added 2022/02/18 12:0 a.m.69 views

openSUSE 15 Security Update : kafka (openSUSE-SU-2022:0038-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0038-1 advisory. - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration...

9.8CVSS8.7AI score0.81147EPSS
Exploits10References13
nessus
nessus
added 2022/02/16 12:0 a.m.138 views

Oracle Linux 7 : log4j (ELSA-2022-0442)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0442 advisory. 0:1.2.17-18 - Fix Unsafe deserialization flaw in Chainsaw log viewer - Fix SQL injection when application is configured to use JDBCAppender - Fix remot...

9.8CVSS8.7AI score0.66537EPSS
Exploits1References4
nessus
nessus
added 2022/01/28 12:0 a.m.62 views

SUSE SLES12 Security Update : log4j (SUSE-SU-2022:0212-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0212-1 advisory. - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. bsc1194844 - CVE-2022-23305: Fix SQL injection by...

9.8CVSS7.6AI score0.66537EPSS
Exploits1References10
nessus
nessus
added 2022/01/28 12:0 a.m.60 views

openSUSE 15 Security Update : log4j (openSUSE-SU-2022:0214-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0214-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...

9.8CVSS8.8AI score0.66537EPSS
Exploits1References10
nessus
nessus
added 2022/01/27 12:0 a.m.66 views

SUSE SLES11 Security Update : log4j (SUSE-SU-2022:14881-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14881-1 advisory. - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. bsc1194844 -...

9.8CVSS7.6AI score0.66537EPSS
Exploits1References10
veracode
veracode
added 2022/01/19 4:44 a.m.12 views

Remote Code Execution (RCE)

Apache Chainsaw in log4j is vulnerable to remote code execution. The vulnerability exists due to a deserialization of untrusted object vulnerability allowing an attacker to execute maliciously scripted code via the system...

9.8CVSS7.5AI score0.04612EPSS
Exploits0References6Affected Software1
veracode
veracode
added 2022/01/19 4:24 a.m.53 views

Remote Code Execution (RCE)

Apache Chainsaw in log4j is vulnerable to remote code execution. The vulnerability exists due to a deserialization of untrusted object vulnerability allowing an attacker to execute maliciously scripted code via the system...

8.8CVSS4.8AI score0.52458EPSS
Exploits0References6Affected Software93
attackerkb
attackerkb
added 2022/01/18 4:15 p.m.8 views

CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

9.8CVSS7AI score0.52458EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder