39 matches found
SUSE CVE-2018-8088
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series...
Critical: Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 12 security update
This is a security update for JBoss EAP Continuous Delivery 12.0. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2018-8088
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...
Huawei EulerOS: Security Advisory for slf4j (EulerOS-SA-2018-1159)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the org.slf4j.ext.EventData component in the slf4j-ext library of SLF4J allows attackers to circumvent existing security restrictions.
The vulnerability of the org.slf4j.ext.EventData component in the slf4j-ext library of SLF4J lies in the possibility of memory corruption due to an unreliable data structure. Exploiting this vulnerability allows a remote attacker to circumvent existing security restrictions...
openSUSE Security Update : slf4j (openSUSE-2019-423)
This update for slf4j fixes the following security issue : - CVE-2018-8088: Remote attackers could have bypassed intended access restrictions via crafted data. Disallow EventData deserialization by default from now on bsc1085970. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptiv...
Access Restriction Bypass
slf4j-ext is vulnerable to remote code execution RCE through access restriction bypass. Attackers can use data passed to the EventData class in order to bypass intended access restrictions, causing a deserialization vulnerability...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...
Important: Red Hat Security Advisory: Red Hat Decision Manager 7.0.1 bug fix and security update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...
EulerOS 2.0 SP3 : slf4j (EulerOS-SA-2018-1159)
According to the versions of the slf4j package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Simple Logging Facade for Java or SLF4J is intended to serve as a simple facade for various logging APIs allowing to the end-user to plug in t...
Security update for slf4j (important)
This update for slf4j fixes the following security issue: - CVE-2018-8088: Remote attackers could have bypassed intended access restrictions via crafted data. Disallow EventData deserialization by default from now on bsc1085970...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.4.20 (RHSA-2018:1448)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1448 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...