Astra Linux - уязвимость в apache-log4j1.2

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

MiracleLinux 8 : parfait:0.5 (AXSA:2022-3020:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3020:01 advisory. log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender CVE-2022-23305 log4j: Unsafe deserialization flaw in Chainsaw l...

VulnCheck KEV: CVE-2023-26464

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

EUVD-2020-30300

Malware in sbrugna...

EUVD-2022-0575

Malicious code in bioql PyPI...

Malicious code in @lbnqduy/improved-chainsaw (npm)

The package @lbnqduy/improved-chainsaw was found to contain malicious code...

Malicious code in @lbnqduy/turbo-chainsaw (npm)

The package @lbnqduy/turbo-chainsaw was found to contain malicious code...

MAL-2025-8332 Malicious code in @lbnqduy/improved-chainsaw (npm)

The package @lbnqduy/improved-chainsaw was found to contain malicious code...

MAL-2025-8357 Malicious code in @lbnqduy/turbo-chainsaw (npm)

The package @lbnqduy/turbo-chainsaw was found to contain malicious code...

CVE-2020-9493

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

log4j1-socketappender: DoS via hashmap logging

A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...

log4j1-socketappender: DoS via hashmap logging

A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...

Advisory ROSA-SA-2024-2519

software: log4j12 1.2.17 OS: ROSA-CHROME packageevrstring: log4j12-1.2.17-26 CVE-ID: CVE-2019-17571 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: Log4j 1.2 includes a SocketServer class that is vulnerable to unreliable data deserialization, which can be used to remotely execute arbitrary code in...

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

OPENSUSE-SU-2024:11682-1 chainsaw-1.2.17-5.1 on GA media

These are all security issues fixed in the chainsaw-1.2.17-5.1 package on the GA media of openSUSE Tumbleweed...

RHEL 6 : log4j (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - log4j: Socket receiver deserialization vulnerability CVE-2017-5645 - UNSUPPORTED WHEN ASSIGNED When using...

GLSA-202402-16 : Apache Log4j: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202402-16 Apache Log4j: Multiple Vulnerabilities - Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with ...

Rocky Linux 8 : parfait:0.5 (RLSA-2022:0290)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0290 advisory. - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacke...

log4j1-socketappender: DoS via hashmap logging

A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...