Lucene search
+L

137 matches found

nessus
nessus
added 2022/01/28 12:0 a.m.60 views

openSUSE 15 Security Update : log4j (openSUSE-SU-2022:0214-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0214-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...

9.8CVSS8.8AI score0.66537EPSS
Exploits1References10
nessus
nessus
added 2022/01/28 12:0 a.m.55 views

SUSE SLES15 Security Update : log4j (SUSE-SU-2022:0214-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0214-1 advisory. - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. bsc1194844 -...

9.8CVSS7.6AI score0.66537EPSS
Exploits1References10
opensuse
opensuse
added 2022/01/28 12:0 a.m.73 views

Security update for log4j12 (important)

openSUSE Security Update: Security update for log4j12 Announcement ID: openSUSE-SU-2022:0226-1 Rating: important References: 1193184 1194842 1194843 1194844 Cross-References: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 CVSS scores: CVE-2022-23302 NVD : 8.8...

8.1CVSS10AI score0.66537EPSS
Exploits1References4
nessus
nessus
added 2022/01/27 12:0 a.m.66 views

SUSE SLES11 Security Update : log4j (SUSE-SU-2022:14881-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14881-1 advisory. - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. bsc1194844 -...

9.8CVSS7.6AI score0.66537EPSS
Exploits1References10
redhat
redhat
added 2022/01/26 2:57 p.m.4 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
redhat
redhat
added 2022/01/26 2:54 p.m.6 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
redhat
redhat
added 2022/01/26 2:54 p.m.71 views

Important: Red Hat Security Advisory: parfait:0.5 security update

An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

9.8CVSS7.5AI score0.81147EPSS
Exploits10References6
redhat
redhat
added 2022/01/26 2:51 p.m.4 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
redhat
redhat
added 2022/01/26 2:48 p.m.74 views

Important: Red Hat Security Advisory: parfait:0.5 security update

An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.5AI score0.81147EPSS
Exploits10References6
redhat
redhat
added 2022/01/26 2:48 p.m.5 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
osv
osv
added 2022/01/26 2:27 p.m.44 views

ALSA-2022:0290 Important: parfait:0.5 security update

Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot PCP using the Memory Mapped Value MMV machinery for...

9.8CVSS9.7AI score0.81147EPSS
Exploits10References5
cnvd
cnvd
added 2022/01/20 12:0 a.m.39 views

Apache log4j Chainsaw deserialization code execution vulnerability

Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j Chainsaw is vulnerable to deserialized code execution. The vulnerability stems from insufficient cleanup of user-supplied data in JDBCAppender in a non-default configuration with JDBCAppender enabled. A...

9CVSS3.8AI score0.52458EPSS
Exploits0References1
veracode
veracode
added 2022/01/19 4:44 a.m.11 views

Remote Code Execution (RCE)

Apache Chainsaw in log4j is vulnerable to remote code execution. The vulnerability exists due to a deserialization of untrusted object vulnerability allowing an attacker to execute maliciously scripted code via the system...

9.8CVSS7.5AI score0.04612EPSS
Exploits0References6Affected Software1
veracode
veracode
added 2022/01/19 4:24 a.m.52 views

Remote Code Execution (RCE)

Apache Chainsaw in log4j is vulnerable to remote code execution. The vulnerability exists due to a deserialization of untrusted object vulnerability allowing an attacker to execute maliciously scripted code via the system...

8.8CVSS4.8AI score0.52458EPSS
Exploits0References6Affected Software93
osv
osv
added 2022/01/19 12:1 a.m.9 views

GHSA-F7VH-QWP3-X37M Deserialization of Untrusted Data in Apache Log4j

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. Users are advised to migrate from log4j:log4j to org.apache.logging.log4j:log4j for an updated version of the...

9.8CVSS7.1AI score0.52458EPSS
Exploits0References5
github
github
added 2022/01/19 12:1 a.m.153 views

Deserialization of Untrusted Data in Apache Log4j

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. Users are advised to migrate from log4j:log4j to org.apache.logging.log4j:log4j for an updated version of the...

9.8CVSS4.9AI score0.52458EPSS
Exploits0References6Affected Software2
redhatcve
redhatcve
added 2022/01/18 4:16 p.m.116 views

CVE-2022-23307

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS2.3AI score0.52458EPSS
Exploits0References4
nvd
nvd
added 2022/01/18 4:15 p.m.38 views

CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

9CVSS0.52458EPSS
Exploits0References4
attackerkb
attackerkb
added 2022/01/18 4:15 p.m.8 views

CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

9.8CVSS7AI score0.52458EPSS
Exploits0References5Affected Software1
osv
osv
added 2022/01/18 4:15 p.m.2 views

DEBIAN-CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

8.8CVSS7.3AI score0.52458EPSS
Exploits0References1
Rows per page
Query Builder