10 matches found
Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability which can allow an attacker to execute arbitrary code
Summary Logback could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback could allow a remote authenticated attacker to execute arbitrary code on the system. By using a specially-crafted configuration, an...
aero.champ:cargojson (=1.0), ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12) +17352 more potentially affected by CVE-2017-5929 via ch.qos.logback:logback-core (>=0.2.5 <=1.1.9)
ch.qos.logback:logback-core MAVEN version =0.2.5, =0.1.8, =0.1.6, =0.1.4-SB1X, =0.11.0, =0.7.0, =0.6.1, =0.11.0, =0.6.1, =0.13.0 and more Source cves: CVE-2017-5929 Source advisory: OSV:GHSA-VMFG-RJJM-RJRJ...
aero.champ:cargojson (=1.0), ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12) +17133 more potentially affected by CVE-2017-5929 via ch.qos.logback:logback-classic (>=0.6 <=1.1.9)
ch.qos.logback:logback-classic MAVEN version =0.6, =0.1.8, =0.1.6, =0.1.4-SB1X, =0.11.0, =0.7.0, =0.6.1, =0.11.0, =0.6.1, =0.13.0 and more Source cves: CVE-2017-5929 Source advisory: OSV:GHSA-VMFG-RJJM-RJRJ...
Updated logback packages fix security vulnerability
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...
MGASA-2019-0079 Updated logback packages fix security vulnerability
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...
U.S. Dept Of Defense: 2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929
Summary: GitHub repo: https://github.com/████████ QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. High Severity Arbitrary Code Execution Vulnerable module: ch.qos.logback:logback-core Introduced through:...
Arbitrary Code Execution Through Serialization
QOS.ch Logback is vulnerable to arbitrary code execution through serialization. It is possible to write untrusted objects from the Logger, allowing arbitrary code execution. This is related to CVE-2017-5929...
Moderate: Red Hat Security Advisory: Red Hat JBoss BPM Suite security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS security update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2017-5929
CVE-2017-5929 – Logback deserialization issue : QOS.ch Logback up to 1.2.0 contains a serialization vulnerability in the SocketServer and ServerSocketReceiver paths. The RemoteStreamAppenderClient, SocketNode, and related classes deserialize data from a Java Socket via ObjectInputStream without v...