38 matches found
Astra Linux – Vulnerability in libpgjava
In pgjdbc before version 42.3.3, an attacker who controls the jdbc URL or properties can use java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example scenario is that an attacker could create an executable JSP file under a...
Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016702)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016702 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...
EUVD-2002-0968
Malware in sbrugna...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
PoC exploit for CVE-2021-44228, a Java logging library vulnerability. The target product/service is Apache Log4j, a Java logging library. The vulnerability class/vector is RCE (Remote Code Execution) via JNDI (Java Naming and Directory Interface) lookup. The probable entry points are JNDI lookups...
Apache Log4j Security Vulnerability
Apache Log4j is a Java-based open source logging tool from the Apache USA Foundation. A security vulnerability exists in Apache Log4j version 1.2 that stems from untrusted data deserialization...
Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2021-003)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-003 advisory. A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 and before and including 2.14.1. This could allow a remote attacker to execute code on the server if the system log...
Apache Log4j: Multiple Vulnerabilities
Background Log4j is a Java logging framework that supports various use cases with a rich set of components, a separate API, and a performance-optimized implementation. Description Multiple vulnerabilities have been discovered in Apache Log4j. Please review the CVE identifiers referenced below for...
Important: log4j
Issue Overview: A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
SUSE CVE-2023-26464
UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed...
Malicious Npm Packages Tapped Again to Target Discord Users
Threat actors once again are using the node package manager npm repository to hide malware that can steal Discord tokens to monitor user sessions and steal data on the popular chat and collaboration platform, researchers have found. A campaign discovered this week by Kaspersky researchers is hidi...
The vulnerability of the Log4j Java logging library, related to insecure privilege management, allows an attacker to execute arbitrary code.
The vulnerability of the Log4j Java logging library lies in the insecure management of privileges. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the Log4j Java logging library lies in its insecure handling of privileges, allowing attackers to escalate their privileges.
The vulnerability of the Log4j Java logging library lies in the insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
Cisco Identity Services Log4j Engine Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)
Cisco Identity Services Engine is affected by the following critical vulnerability in the Apache Log4j Java logging library as described in the cisco-sa-apache-log4j-qRuKNEbd advisory. - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Netcool Performance Manager
Summary Apache-Log4j - CVE-2021-4104, Apache-Log4j - CVE-2022-23302, Apache-Log4j - CVE-2022-23305, Apache-Log4j - CVE-2022-23307 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- TNPM|...
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...
log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
A flaw was found in the Apache Log4j logging library 2.x when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of...