33 matches found
Astra Linux - vulnerability in apache-log4j1.2
CVE-2020-9493 identified a deserialization issue present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, and the same issue still exists there...
EUVD-2020-30300
Malware in sbrugna...
EUVD-2022-0575
Malicious code in bioql PyPI...
CVE-2020-9493
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...
Rocky Linux 8 : parfait:0.5 (RLSA-2022:0290)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0290 advisory. - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacke...
Amazon Linux AMI : log4j (ALAS-2023-1718)
The version of log4j installed on the remote host is prior to 1.2.17-16.14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1718 advisory. A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to...
SUSE CVE-2020-9493
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...
SUSE CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...
Oracle Linux 6 : log4j (ELSA-2022-9419)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9419 advisory. - Fix CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2017-5645 Tenable has extracted the preceding description block directly from the Oracle Linu...
Update Log4J to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
CVE-2022-23305 Customers that have JDBCAppender configured may be vulnerable to SQL Injection attacks Change Summary: Removed JDBCAppender thus no longer allowing customers to use. CVE-2022-23307 / CVE-2020-9493 Unsafe deserialization issue present in Apache Chainsaw that was bundled in log4j1...
AlmaLinux 8 : parfait:0.5 (ALSA-2022:0290)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0290 advisory. log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender CVE-2022-23305 log4j: Unsafe deserialization flaw in Chainsaw log...
Amazon Linux 2 : log4j (ALAS-2022-1750)
The version of log4j installed on the remote host is prior to 1.2.17-18. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1750 advisory. A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to...
openSUSE 15 Security Update : kafka (openSUSE-SU-2022:0038-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0038-1 advisory. - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration...
Oracle Linux 7 : log4j (ELSA-2022-0442)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0442 advisory. 0:1.2.17-18 - Fix Unsafe deserialization flaw in Chainsaw log viewer - Fix SQL injection when application is configured to use JDBCAppender - Fix remot...
openSUSE 15 Security Update : log4j (openSUSE-SU-2022:0214-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0214-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...
SUSE SLED12 / SLES12 Security Update : log4j (SUSE-SU-2022:0212-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0212-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write acce...
SUSE SLES11 Security Update : log4j (SUSE-SU-2022:14881-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14881-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...
Remote Code Execution (RCE)
Apache Chainsaw in log4j is vulnerable to remote code execution. The vulnerability exists due to a deserialization of untrusted object vulnerability allowing an attacker to execute maliciously scripted code via the system...
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...