120 matches found
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2021-001)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0312.b07-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2021-001 advisory. No versions of an Amazon Linux Java Virtual Machine JVM are affected by CVE-2021-44228 o...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 !Dockerfilehttps://github.com/ahmad4fifz/C...
About the security content of Xcode 13.3
About the security content of Xcode 13.3 This document describes the security content of Xcode 13.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
ROS-20220125-04
Apache Log4j2 Java program logging library vulnerability is related to the lack of additional JNDI access controls. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using the JDBC Appender. remotely execute arbitrary code using the JDBC Appender...
Medium: aws-kinesis-agent
Issue Overview: Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC...
Log4Shell HTTP Header Injection
Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will exploit an HTTP end point with the Log4Shell vulnerability by...
Security Bulletin: Multiple Vulnerabilities in Apache Log4j2 affect IBM Spectrum LSF Suite, IBM Spectrum LSF Suite for HPA, IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center
Summary There are vulnerabilities in Apache log4j2 used by IBM Spectrum LSF Suite, IBM Spectrum LSF Suite for HPA, IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center. IBM Spectrum LSF Suite, IBM Spectrum LSF Suite for HPA, IBM Spectrum LSF Explorer and IBM Spectrum LSF Application...
Log4Shell HTTP Header Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Header Injection', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in...
USN-5222-1 apache-log4j2 vulnerabilities
It was discovered that Apache Log4j 2 was vulnerable to remote code execution RCE attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. A remote attacker could possibly use this issue to cause a crash, leading to a denial of service. CVE-2021-44832 Hideki Okamoto and Guy...
Improper Input Validation and Injection in Apache Log4j2
Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JN...
MGASA-2022-0002 Updated log4j packages fix security vulnerability
Apache Log4j2 is vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed b...
openSUSE 15 Security Update : log4j (openSUSE-SU-2022:0002-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0002-1 advisory. - Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE...
Debian DLA-2870-1 : apache-log4j2 - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2870 advisory. - Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration...
openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4208-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:4208-1 advisory. - Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE...
Debian DLA-2852-1 : apache-log4j2 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2852 advisory. Several security vulnerabilities were found in Apache Log4j2, a Logging Framework for Java, which could lead to a denial of service or information disclosure...
Debian: Security Advisory (DLA-2870-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2870-1] apache-log4j2 security update
Debian LTS Advisory DLA-2870-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 29, 2021 https://wiki.debian.org/LTS Package : apache-log4j2 Version : 2.12.4-0+deb9u1 CVE ID : CVE-2021-44832 Debian Bug : 1002813 Apache Log4j2, a Java Logging Framework, is...
DLA-2870-1 apache-log4j2 - security update
Bulletin has no description...
CVE-2021-44832
Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is...
Remote code execution
Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is...