
39 matches found

SUSE CVE
added 2023/02/15 4:29 a.m. | 3 views

SUSE CVE-2018-8088

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J has been fixed in SLF4J versions 1.7.26 and later and in the 2.0.x series...

8.1 CVSS | 7 AI score | 0.15087 EPSS
Exploits 0 | References 5

RedHat Linux
added 2020/06/15 4:8 p.m. | 88 views

Critical: Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 12 security update

This is a security update for JBoss EAP Continuous Delivery 12.0. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8 CVSS | 7.3 AI score | 0.91896 EPSS
Exploits 11 | References 6

RedhatCVE
added 2020/04/09 9:37 a.m. | 38 views

CVE-2018-8088

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 3.7 AI score | 0.15087 EPSS
Exploits 0 | References 1

OpenVAS
added 2020/01/23 12:0 a.m. | 22 views

Huawei EulerOS: Security Advisory for slf4j (EulerOS-SA-2018-1159)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS | 9.7 AI score | 0.15087 EPSS
Exploits 0 | References 2

BDU FSTEC
added 2019/09/05 12:0 a.m. | 5 views

The vulnerability of the org.slf4j.ext.EventData component in the slf4j-ext library of SLF4J allows attackers to circumvent existing security restrictions.

The vulnerability of the org.slf4j.ext.EventData component in the slf4j-ext library of SLF4J lies in the possibility of memory corruption due to an unreliable data structure. Exploiting this vulnerability allows a remote attacker to circumvent existing security restrictions...

10 CVSS | 5.6 AI score | 0.15087 EPSS
Exploits 0 | References 5 | Affected Software 9

Tenable Nessus
added 2019/03/27 12:0 a.m. | 27 views

openSUSE Security Update : slf4j (openSUSE-2019-423)

This update for slf4j fixes the following security issue: - CVE-2018-8088: Remote attackers could have bypassed intended access restrictions via crafted data. Disallow EventData deserialization by default from now on bsc1085970...

9.8 CVSS | 7.3 AI score | 0.15087 EPSS
Exploits 0 | References 2

Veracode
added 2019/01/15 9:21 a.m. | 38 views

Access Restriction Bypass

slf4j-ext is vulnerable to remote code execution (RCE) through access restriction bypass. Attackers can use data passed to the EventData class in order to bypass intended access restrictions, causing a deserialization vulnerability...

9.8 CVSS | 9.6 AI score | 0.15087 EPSS
Exploits 0 | References 91 | Affected Software 97

RedHat Linux
added 2018/10/16 5:5 p.m. | 1 view

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 7.2 AI score | 0.15087 EPSS
Exploits 0 | References 4

RedHat Linux
added 2018/08/15 7:41 a.m. | 1 view

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 7.2 AI score | 0.15087 EPSS
Exploits 0 | References 4

RedHat Linux
added 2018/08/15 7:41 a.m. | 2 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 7.2 AI score | 0.15087 EPSS
Exploits 0 | References 4

RedHat Linux
added 2018/07/05 3:28 p.m. | 153 views

Important: Red Hat Security Advisory: Red Hat Decision Manager 7.0.1 bug fix and security update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...

9.8 CVSS | 7.3 AI score | 0.15087 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2018/06/28 12:0 a.m. | 25 views

EulerOS 2.0 SP3 : slf4j (EulerOS-SA-2018-1159)

According to the versions of the slf4j package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The Simple Logging Facade for Java or SLF4J is intended to serve as a simple facade for various logging APIs allowing to the end-user to plug in t...

9.8 CVSS | 7.5 AI score | 0.15087 EPSS
Exploits 0 | References 2

OPENSUSE Linux
added 2018/06/09 3:10 p.m. | 160 views

Security update for slf4j (important)

This update for slf4j fixes the following security issue: - CVE-2018-8088: Remote attackers could have bypassed intended access restrictions via crafted data. Disallow EventData deserialization by default from now on bsc1085970...

7.5 CVSS | 6 AI score | 0.15087 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2018/05/18 12:0 a.m. | 60 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.4.20 (RHSA-2018:1448)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1448 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

9.8 CVSS | 7.8 AI score | 0.49727 EPSS
Exploits 7 | References 20

RedHat Linux
added 2018/05/15 7:44 p.m. | 2 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 7.2 AI score | 0.15087 EPSS
Exploits 0 | References 4

RedHat Linux
added 2018/05/14 8:36 p.m. | 4 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 7.2 AI score | 0.15087 EPSS
Exploits 0 | References 4

RedHat Linux
added 2018/05/14 8:36 p.m. | 2 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 7.2 AI score | 0.15087 EPSS
Exploits 0 | References 4

RedHat Linux
added 2018/05/14 8:36 p.m. | 2 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 7.2 AI score | 0.15087 EPSS
Exploits 0 | References 4

RedHat Linux
added 2018/05/14 8:15 p.m. | 2 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 7.2 AI score | 0.15087 EPSS
Exploits 0 | References 4

RedHat Linux
added 2018/05/04 2:33 p.m. | 2 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 7.2 AI score | 0.15087 EPSS
Exploits 0 | References 4