137 matches found
openSUSE 15 Security Update : log4j (openSUSE-SU-2022:0214-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0214-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...
SUSE SLES15 Security Update : log4j (SUSE-SU-2022:0214-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0214-1 advisory. - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. bsc1194844 -...
Security update for log4j12 (important)
openSUSE Security Update: Security update for log4j12 Announcement ID: openSUSE-SU-2022:0226-1 Rating: important References: 1193184 1194842 1194843 1194844 Cross-References: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 CVSS scores: CVE-2022-23302 NVD : 8.8...
SUSE SLES11 Security Update : log4j (SUSE-SU-2022:14881-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14881-1 advisory. - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. bsc1194844 -...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
Important: Red Hat Security Advisory: parfait:0.5 security update
An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
Important: Red Hat Security Advisory: parfait:0.5 security update
An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
ALSA-2022:0290 Important: parfait:0.5 security update
Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot PCP using the Memory Mapped Value MMV machinery for...
Apache log4j Chainsaw deserialization code execution vulnerability
Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j Chainsaw is vulnerable to deserialized code execution. The vulnerability stems from insufficient cleanup of user-supplied data in JDBCAppender in a non-default configuration with JDBCAppender enabled. A...
Remote Code Execution (RCE)
Apache Chainsaw in log4j is vulnerable to remote code execution. The vulnerability exists due to a deserialization of untrusted object vulnerability allowing an attacker to execute maliciously scripted code via the system...
Remote Code Execution (RCE)
Apache Chainsaw in log4j is vulnerable to remote code execution. The vulnerability exists due to a deserialization of untrusted object vulnerability allowing an attacker to execute maliciously scripted code via the system...
GHSA-F7VH-QWP3-X37M Deserialization of Untrusted Data in Apache Log4j
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. Users are advised to migrate from log4j:log4j to org.apache.logging.log4j:log4j for an updated version of the...
Deserialization of Untrusted Data in Apache Log4j
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. Users are advised to migrate from log4j:log4j to org.apache.logging.log4j:log4j for an updated version of the...
CVE-2022-23307
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...
DEBIAN-CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...