Lucene search
K

120 matches found

Metasploit
Metasploit
added 2021/12/16 5:42 p.m.946 views

Log4Shell HTTP Scanner

Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP end point for the Log4Shell vulnerability by injectin...

10CVSS8.6AI score0.99999EPSS
Exploits353
Debian
Debian
added 2021/12/16 10:29 a.m.122 views

[SECURITY] [DSA 5022-1] apache-log4j2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5022-1 [email protected] https://www.debian.org/security/ Markus Koschany December 16, 2021 https://www.debian.org/security/faq -...

10CVSS10AI score0.99999EPSS
Exploits353
OSV
OSV
added 2021/12/16 12:0 a.m.114 views

DSA-5022-1 apache-log4j2 - security update

Bulletin has no description...

9CVSS8.8AI score0.99977EPSS
Exploits40
Tenable Nessus
Tenable Nessus
added 2021/12/16 12:0 a.m.109 views

Amazon Linux 2 : aws-kinesis-agent (ALAS-2021-1730)

The version of aws-kinesis-agent installed on the remote host is prior to 2.0.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1730 advisory. Amazon Kinesis Agent versions within Amazon Linux 2 AL2 prior to aws-kinesis-agent-2.0.4-1 included a version of...

10CVSS7.7AI score0.99999EPSS
Exploits353References5
Tenable Nessus
Tenable Nessus
added 2021/12/16 12:0 a.m.63 views

Debian DSA-5022-1 : apache-log4j2 - security update

The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5022 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations. This...

10CVSS7.5AI score0.99999EPSS
Exploits353References9
OpenVAS
OpenVAS
added 2021/12/16 12:0 a.m.28 views

Ubuntu: Security Advisory (USN-5197-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS10AI score0.99999EPSS
Exploits353References5
Huawei
Huawei
added 2021/12/15 12:0 a.m.303 views

Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products

Some Huawei products are affected by the Apache Log4j2 remote code execution vulnerabilities. The vulnerabilities are caused by a recursive parsing error in some functions of Apache Log4j2. An attacker can construct a malicious request to control log parameters to trigger a remote code execution...

10CVSS10AI score0.99999EPSS
Exploits353Affected Software27
Vulnrichment
Vulnrichment
added 2021/12/14 4:55 p.m.10 views

CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

9.9AI score0.99977EPSS
Exploits40References21
Positive Technologies
Positive Technologies
added 2021/12/14 12:0 a.m.13 views

PT-2021-5369

Name of the Vulnerable Software and Affected Versions Apache Log4j2 versions 2.15.0 Apache Log4j2 versions prior to 2.16.0 Java 8 Apache Log4j2 versions prior to 2.12.2 Java 7 Description The issue is related to the deserialization of untrusted data in the Apache Log4j2 library, which can be...

9CVSS10AI score0.99977EPSS
Exploits40References171
0day.today
0day.today
added 2021/12/14 12:0 a.m.722 views

Apache Log4j2 2.14.1 - Information Disclosure Exploit

Exploit Title: Apache Log4j2 2.14.1 - Information Disclosure Date: 12/12/2021 Exploit Author: leonjza Vendor Homepage: https://logging.apache.org/log4j/2.x/ Version: None: printf' i| new connection from self.clientaddress0' sock = self.request sock.recv1024 sock.sendallLDAPHEADER data =...

10CVSS10AI score0.99999EPSS
Exploits351
Packet Storm
Packet Storm
added 2021/12/14 12:0 a.m.574 views

Apache Log4j2 2.14.1 Remote Code Execution

Exploit Title: Apache Log4j 2 - Remote Code Execution RCE Date: 11/12/2021 Exploit Authors: kozmer, z9fr, svmorris Vendor Homepage: https://logging.apache.org/log4j/2.x/ Software Link: https://github.com/apache/logging-log4j2 Version: versions 2.0-beta-9 and 2.14.1. Tested on: Linux CVE:...

10CVSS0.99999EPSS
Exploits351
OpenVAS
OpenVAS
added 2021/12/13 12:0 a.m.51 views

Debian: Security Advisory (DLA-2842-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS10AI score0.99999EPSS
Exploits351References6
OpenVAS
OpenVAS
added 2021/12/13 12:0 a.m.47 views

Elastic Logstash Multiple Log4j Vulnerabilities (ESA-2021-31, Log4Shell)

Elastic Logstash is prone to multiple vulnerabilities in the Apache Log4j library. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10CVSS7AI score0.99999EPSS
Exploits353References11
Tenable Nessus
Tenable Nessus
added 2021/12/13 12:0 a.m.117 views

Debian DLA-2842-1 : apache-log4j2 - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2842 advisory. - Apache Log4j2 2.10 this behavior can be mitigated by setting system property log4j2.formatMsgNoLookups to true or it can be mitigated in prior releases 2.10 by removing t...

10CVSS8AI score0.99999EPSS
Exploits351References6
BDU FSTEC
BDU FSTEC
added 2021/12/13 12:0 a.m.5 views

The vulnerability of the JNDI component of the Apache Log4j2 logging library allows a perpetrator to execute arbitrary code.

The vulnerability of the JNDI component of the Apache Log4j2 logging library is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

10CVSS7.6AI score0.99999EPSS
Exploits351References18Affected Software28
GithubExploit
GithubExploit
added 2021/12/12 11:37 p.m.402 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 Log4Shell Proof of Concept A...

10CVSS9.5AI score0.99999EPSS
Exploits351
Debian
Debian
added 2021/12/12 3:9 p.m.93 views

[SECURITY] [DLA 2842-1] apache-log4j2 security update

Debian LTS Advisory DLA-2842-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 12, 2021 https://wiki.debian.org/LTS Package : apache-log4j2 Version : 2.7-2+deb9u1 CVE ID : CVE-2021-44228 Debian Bug : 1001478 Chen Zhaojun of Alibaba Cloud Security Team...

10CVSS7.1AI score0.99999EPSS
Exploits351
Arista
Arista
added 2021/12/12 12:0 a.m.90 views

Security Advisory 0070

Security Advisory 0070 PDF Date: May 20th, 2022 Revision | Date | Changes ---|---|--- 1.6 | May 20th, 2022 | Update CVEs affected release info 1.5 | January 4th, 2022 | Add information about CVE-2021-44832 1.4 | December 21st, 2021 | Add information about CVE-2021-45105 1.3 | December 17th, 2021 ...

10CVSS10AI score0.99999EPSS
Exploits358
OSV
OSV
added 2021/12/12 12:0 a.m.225 views

DLA-2842-1 apache-log4j2 - security update

Bulletin has no description...

10CVSS10AI score0.99999EPSS
Exploits351
OpenVAS
OpenVAS
added 2021/12/12 12:0 a.m.38 views

Debian: Security Advisory (DSA-5020-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.3AI score0.99999EPSS
Exploits351References6
Rows per page
Query Builder