Lucene search
K

120 matches found

Tenable Nessus
Tenable Nessus
added 2022/05/02 12:0 a.m.284 views

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2021-001)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0312.b07-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2021-001 advisory. No versions of an Amazon Linux Java Virtual Machine JVM are affected by CVE-2021-44228 o...

10CVSS7.7AI score0.99999EPSS
Exploits353References5
GithubExploit
GithubExploit
added 2022/03/14 4:9 a.m.336 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 !Dockerfilehttps://github.com/ahmad4fifz/C...

10CVSS9.3AI score0.99999EPSS
Exploits351
Apple
Apple
added 2022/03/14 12:0 a.m.656 views

About the security content of Xcode 13.3

About the security content of Xcode 13.3 This document describes the security content of Xcode 13.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

10CVSS10AI score0.99999EPSS
Exploits351References1Affected Software1
Redos
Redos
added 2022/02/01 12:0 a.m.36 views

ROS-20220125-04

Apache Log4j2 Java program logging library vulnerability is related to the lack of additional JNDI access controls. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using the JDBC Appender. remotely execute arbitrary code using the JDBC Appender...

8.5CVSS8.8AI score0.97906EPSS
Exploits9
Amazon
Amazon
added 2022/01/20 12:0 a.m.100 views

Medium: aws-kinesis-agent

Issue Overview: Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC...

8.5CVSS9.1AI score0.97906EPSS
Exploits9
Metasploit
Metasploit
added 2022/01/17 5:42 p.m.1991 views

Log4Shell HTTP Header Injection

Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will exploit an HTTP end point with the Log4Shell vulnerability by...

10CVSS7.1AI score0.99999EPSS
Exploits351
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/12 9:48 a.m.20 views

Security Bulletin: Multiple Vulnerabilities in Apache Log4j2 affect IBM Spectrum LSF Suite, IBM Spectrum LSF Suite for HPA, IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center

Summary There are vulnerabilities in Apache log4j2 used by IBM Spectrum LSF Suite, IBM Spectrum LSF Suite for HPA, IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center. IBM Spectrum LSF Suite, IBM Spectrum LSF Suite for HPA, IBM Spectrum LSF Explorer and IBM Spectrum LSF Application...

8.5CVSS0.8AI score0.97906EPSS
Exploits9Affected Software4
Packet Storm
Packet Storm
added 2022/01/12 12:0 a.m.842 views

Log4Shell HTTP Header Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Header Injection', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in...

10CVSS0.99999EPSS
Exploits351
OSV
OSV
added 2022/01/11 8:42 p.m.6 views

USN-5222-1 apache-log4j2 vulnerabilities

It was discovered that Apache Log4j 2 was vulnerable to remote code execution RCE attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. A remote attacker could possibly use this issue to cause a crash, leading to a denial of service. CVE-2021-44832 Hideki Okamoto and Guy...

8.5CVSS6.8AI score0.99999EPSS
Exploits22References3
Github Security Blog
Github Security Blog
added 2022/01/04 4:14 p.m.77 views

Improper Input Validation and Injection in Apache Log4j2

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JN...

8.5CVSS4.7AI score0.97906EPSS
Exploits9References17Affected Software2
OSV
OSV
added 2022/01/03 7:36 a.m.9 views

MGASA-2022-0002 Updated log4j packages fix security vulnerability

Apache Log4j2 is vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed b...

8.5CVSS7.2AI score0.97906EPSS
Exploits9References4
Tenable Nessus
Tenable Nessus
added 2022/01/03 12:0 a.m.43 views

openSUSE 15 Security Update : log4j (openSUSE-SU-2022:0002-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0002-1 advisory. - Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE...

8.5CVSS8.7AI score0.97906EPSS
Exploits9References4
Tenable Nessus
Tenable Nessus
added 2022/01/01 12:0 a.m.48 views

Debian DLA-2870-1 : apache-log4j2 - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2870 advisory. - Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration...

8.5CVSS8.7AI score0.97906EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2021/12/31 12:0 a.m.50 views

openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4208-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:4208-1 advisory. - Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE...

8.5CVSS8.7AI score0.97906EPSS
Exploits9References4
Tenable Nessus
Tenable Nessus
added 2021/12/30 12:0 a.m.48 views

Debian DLA-2852-1 : apache-log4j2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2852 advisory. Several security vulnerabilities were found in Apache Log4j2, a Logging Framework for Java, which could lead to a denial of service or information disclosure...

5.9CVSS7.6AI score0.99999EPSS
Exploits20References8
OpenVAS
OpenVAS
added 2021/12/30 12:0 a.m.16 views

Debian: Security Advisory (DLA-2870-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS8.1AI score0.97906EPSS
Exploits9References4
Debian
Debian
added 2021/12/29 10:57 p.m.63 views

[SECURITY] [DLA 2870-1] apache-log4j2 security update

Debian LTS Advisory DLA-2870-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 29, 2021 https://wiki.debian.org/LTS Package : apache-log4j2 Version : 2.12.4-0+deb9u1 CVE ID : CVE-2021-44832 Debian Bug : 1002813 Apache Log4j2, a Java Logging Framework, is...

8.5CVSS7.1AI score0.97906EPSS
Exploits9
OSV
OSV
added 2021/12/29 12:0 a.m.39 views

DLA-2870-1 apache-log4j2 - security update

Bulletin has no description...

8.5CVSS8.3AI score0.97906EPSS
Exploits9
ATTACKERKB
ATTACKERKB
added 2021/12/28 8:15 p.m.148 views

CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is...

8.5CVSS7.7AI score0.97906EPSS
In wildExploits9References15
Prion
Prion
added 2021/12/28 8:15 p.m.37 views

Remote code execution

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is...

8.5CVSS7.2AI score0.97906EPSS
Exploits9References12Affected Software22
Rows per page
Query Builder