38 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in libpgjava

In pgjdbc before version 42.3.3, an attacker who controls the jdbc URL or properties can use java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example scenario is that an attacker could create an executable JSP file under a...

CVSS 9.8, AI score 7.3, EPSS 0.02928
Exploits 0, References 1
Tenable Nessus
added 2026/05/22 12:0 a.m., 7 views

Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016702)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016702 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

CVSS 5.9, AI score 7, EPSS 0.99999
Exploits 20, References 4
EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2002-0968

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.06457
Exploits 0, References 4
Gitee
added 2025/09/06 9:50 a.m., 96 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

PoC exploit for CVE-2021-44228, a Java logging library vulnerability. The target product/service is Apache Log4j, a Java logging library. The vulnerability class/vector is RCE (Remote Code Execution) via JNDI (Java Naming and Directory Interface) lookup. The probable entry points are JNDI lookups...

CVSS 10, AI score 8.7, EPSS 0.99999
Exploits 351
CNNVD
added 2025/02/07 12:0 a.m., 8 views

Apache Log4j Security Vulnerability

Apache Log4j is a Java-based open source logging tool from the Apache USA Foundation. A security vulnerability exists in Apache Log4j version 1.2 that stems from untrusted data deserialization...

CVSS 2.3, AI score 6.7, EPSS 0.00371
Exploits 0, References 3
Tenable Nessus
added 2024/12/11 12:0 a.m., 33 views

Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2021-003)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-003 advisory. A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 and before and including 2.14.1. This could allow a remote attacker to execute code on the server if the system log...

CVSS 10, AI score 7.8, EPSS 0.99999
Exploits 351, References 3
Gentoo Linux
added 2024/02/18 12:0 a.m., 46 views

Apache Log4j: Multiple Vulnerabilities

Background: Log4j is a Java logging framework that supports various use cases with a rich set of components, a separate API, and a performance-optimized implementation. Description: Multiple vulnerabilities have been discovered in Apache Log4j. Please review the CVE identifiers referenced below for...

CVSS 9.8, AI score 7.5, EPSS 0.6906
Exploits 4
Amazon
added 2023/04/05 12:0 a.m., 56 views

Important: log4j

Issue Overview: A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

CVSS 9.8, AI score 8.7, EPSS 0.66537
Exploits 1
SUSE CVE
added 2023/03/15 3:33 a.m., 3 views

SUSE CVE-2023-26464

UNSUPPORTED WHEN ASSIGNED. When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed...

CVSS 7.5, AI score 7.6, EPSS 0.01905
Exploits 0, References 3
ThreatPost
added 2022/07/29 3:7 p.m., 60 views

Malicious Npm Packages Tapped Again to Target Discord Users

Threat actors once again are using the node package manager npm repository to hide malware that can steal Discord tokens to monitor user sessions and steal data on the popular chat and collaboration platform, researchers have found. A campaign discovered this week by Kaspersky researchers is hidi...

AI score 7.4
Exploits 0, References 8
BDU FSTEC
added 2022/05/17 12:0 a.m., 5 views

The vulnerability of the Log4j Java logging library, related to insecure privilege management, allows an attacker to execute arbitrary code.

The vulnerability of the Log4j Java logging library lies in the insecure management of privileges. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVSS 8.8, AI score 8.2, EPSS 0.00374
Exploits 1, References 6, Affected Software 1
BDU FSTEC
added 2022/05/05 12:0 a.m., 5 views

The vulnerability of the Log4j Java logging library lies in its insecure handling of privileges, allowing attackers to escalate their privileges.

The vulnerability of the Log4j Java logging library lies in the insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...

CVSS 8.8, AI score 7.8, EPSS 0.00361
Exploits 1, References 4, Affected Software 1
Tenable Nessus
added 2022/05/02 12:0 a.m., 166 views

Cisco Identity Services Log4j Engine Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)

Cisco Identity Services Engine is affected by the following critical vulnerability in the Apache Log4j Java logging library as described in the cisco-sa-apache-log4j-qRuKNEbd advisory. - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log...

CVSS 10, AI score 8, EPSS 0.99999
Exploits 351, References 2
IBM Security Bulletins
added 2022/03/19 8:40 a.m., 169 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Netcool Performance Manager

Summary Apache-Log4j - CVE-2021-4104, Apache-Log4j - CVE-2022-23302, Apache-Log4j - CVE-2022-23305, Apache-Log4j - CVE-2022-23307 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- TNPM|...

CVSS 9.8, AI score 10.2, EPSS 0.81147
Exploits 10, Affected Software 1
RedHat Linux
added 2022/02/07 1:55 p.m., 4 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

CVSS 9.8, AI score 7, EPSS 0.66537
Exploits 1, References 5
RedHat Linux
added 2022/02/07 1:54 p.m., 4 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

CVSS 9.8, AI score 7, EPSS 0.66537
Exploits 1, References 5
RedHat Linux
added 2022/02/07 1:43 p.m., 14 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

CVSS 9.8, AI score 7, EPSS 0.66537
Exploits 1, References 5
RedHat Linux
added 2022/02/03 6:23 p.m., 3 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

CVSS 9.8, AI score 7, EPSS 0.66537
Exploits 1, References 5
RedHat Linux
added 2022/01/26 2:57 p.m., 4 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

CVSS 9.8, AI score 7, EPSS 0.66537
Exploits 1, References 5
RedHat Linux
added 2022/01/20 6:19 p.m., 5 views

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

CVSS 5.9, AI score 7.3, EPSS 0.99999
Exploits 20, References 7