Lucene search
+L

37 matches found

UbuntuCve
UbuntuCve
added 2021/12/19 12:0 a.m.66 views

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

5.9CVSS7AI score0.99999EPSS
Exploits21References5
Tenable Nessus
Tenable Nessus
added 2021/12/19 12:0 a.m.55 views

Debian DSA-5024-1 : apache-log4j2 - security update

The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5024 advisory. It was found that Apache Log4j2, a Logging Framework for Java, did not protect from uncontrolled recursion from self-referential lookups. When the logging configurati...

5.9CVSS7.4AI score0.99999EPSS
Exploits21References7
Github Security Blog
Github Security Blog
added 2021/12/18 6:0 p.m.65 views

Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in...

5.9CVSS4.9AI score0.99999EPSS
Exploits21References19Affected Software2
Prion
Prion
added 2021/12/18 12:15 p.m.37 views

Code injection

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

4.3CVSS7.5AI score0.99999EPSS
Exploits21References13Affected Software115
Debian CVE
Debian CVE
added 2021/12/18 11:55 a.m.43 views

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

5.9CVSS7.2AI score0.99999EPSS
Exploits21
Positive Technologies
Positive Technologies
added 2021/12/18 12:0 a.m.12 views

PT-2021-5478

Name of the Vulnerable Software and Affected Versions Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 Description The issue allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted, due to uncontroll...

7.8CVSS7.1AI score0.99999EPSS
Exploits21References121
Tenable Nessus
Tenable Nessus
added 2021/12/17 12:0 a.m.64 views

openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4094-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:4094-1 advisory. - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not...

10CVSS8.1AI score0.99999EPSS
Exploits357References7
GithubExploit
GithubExploit
added 2021/12/15 4:28 p.m.459 views

Exploit for Expression Language Injection in Apache Log4J

tejas-nagchandi/CVE-2021-45046 Attack !imagehttps://use...

10CVSS10AI score0.99999EPSS
Exploits357
ThreatPost
ThreatPost
added 2021/12/15 2:4 p.m.166 views

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

As if finding one easily exploited and extremely dangerous flaw in the ubiquitous Java logging library Apache Log4j hadn’t already turned the Internet security community on its ear, researchers now have found a new vulnerability in Apache’s patch issued to mitigate it. Last Thursday security...

10CVSS10AI score0.99999EPSS
Exploits358References16
Tenable Nessus
Tenable Nessus
added 2021/12/15 12:0 a.m.195 views

Ubuntu 20.04 LTS : Apache Log4j 2 vulnerability (USN-5197-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5197-1 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non- default configurations. An attacker could use...

10CVSS7.5AI score0.99999EPSS
Exploits357References3
Prion
Prion
added 2021/12/14 7:15 p.m.81 views

Default configuration

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

5.1CVSS9.5AI score0.99999EPSS
Exploits357References21Affected Software31
OSV
OSV
added 2021/12/14 6:1 p.m.5 views

GHSA-7RJR-3Q55-VV33 Incomplete fix for Apache Log4j vulnerability

Impact The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup for...

9CVSS7.5AI score0.99999EPSS
Exploits357References28
Cvelist
Cvelist
added 2021/12/14 4:55 p.m.45 views

CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

8.7AI score0.99977EPSS
Exploits41References21
UbuntuCve
UbuntuCve
added 2021/12/14 4:30 p.m.73 views

CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

9CVSS7.5AI score0.99977EPSS
Exploits41References7
Tenable Nessus
Tenable Nessus
added 2021/12/14 12:0 a.m.486 views

Apache Log4j 2.x < 2.16.0 RCE

The version of Apache Log4j on the remote host is 2.x 2.12.2 / 2.16.0. It is, therefore, affected by a remote code execution vulnerability. The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over...

10CVSS8.3AI score0.99999EPSS
Exploits357References3
FreeBSD
FreeBSD
added 2021/11/14 12:0 a.m.355 views

graylog -- remote code execution in log4j from user-controlled log input

Apache Software Foundation reports: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default...

10CVSS2.1AI score0.99999EPSS
Exploits355References3
Prion
Prion
added 2019/05/24 5:29 p.m.21 views

Design/Logic Flaw

Error in parsing PMT table frees the memory allocated for the map section but does not reset the context map section reference causing heap use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

10CVSS9.6AI score0.00935EPSS
Exploits0References1
Rows per page
Query Builder