Astra Linux – Vulnerability in Apache Log4j 1.2
CVE-2020-9493 identified a deserialization issue present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, and the same issue still exists there...
MiracleLinux 8 : parfait:0.5 (AXSA:2022-3020:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3020:01 advisory. log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender CVE-2022-23305 log4j: Unsafe deserialization flaw in Chainsaw l...
VulnCheck KEV: CVE-2023-26464
UNSUPPORTED WHEN ASSIGNED: When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed...
EUVD-2020-30300
Malware in sbrugna...
EUVD-2022-0575
Malicious code in bioql PyPI...
Malicious code in @lbnqduy/improved-chainsaw (npm)
The package @lbnqduy/improved-chainsaw was found to contain malicious code...
Malicious code in @lbnqduy/turbo-chainsaw (npm)
The package @lbnqduy/turbo-chainsaw was found to contain malicious code...
MAL-2025-8332 Malicious code in @lbnqduy/improved-chainsaw (npm)
The package @lbnqduy/improved-chainsaw was found to contain malicious code...
MAL-2025-8357 Malicious code in @lbnqduy/turbo-chainsaw (npm)
The package @lbnqduy/turbo-chainsaw was found to contain malicious code...
CVE-2020-9493
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
log4j1-socketappender: DoS via hashmap logging
A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...
log4j1-socketappender: DoS via hashmap logging
A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...
Advisory ROSA-SA-2024-2519
software: log4j12 1.2.17 OS: ROSA-CHROME packageevrstring: log4j12-1.2.17-26 CVE-ID: CVE-2019-17571 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data, which can be used to remotely execute arbitrary code in...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
OPENSUSE-SU-2024:11682-1 chainsaw-1.2.17-5.1 on GA media
These are all security issues fixed in the chainsaw-1.2.17-5.1 package on the GA media of openSUSE Tumbleweed...
RHEL 6 : log4j (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - log4j: Socket receiver deserialization vulnerability CVE-2017-5645 - UNSUPPORTED WHEN ASSIGNED When using...
GLSA-202402-16 : Apache Log4j: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202402-16 Apache Log4j: Multiple Vulnerabilities - Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with ...
Rocky Linux 8 : parfait:0.5 (RLSA-2022:0290)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0290 advisory. - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacke...
A vulnerability in the Chainsaw and SocketAppender components of the Log4j Java logging library allows a malicious actor to trigger a service failure.
The vulnerability in the Chainsaw and SocketAppender components of the Log4j Java logging library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to cause a service failure...