42 matches found

AstraLinux
added 2026/06/19 11:10 a.m. · 9 views

Astra Linux – Vulnerability in Apache Log4j2

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI, provided that the attacker has control over the target LDAP server. Thi...

CVSS 8.5 · AI score 8.7 · EPSS 0.97906
Exploits 9 · References 2

Tenable Nessus
added 2026/05/22 12:0 a.m. · 10 views

Unity Linux 20.1070e Security Update: log4j (UTSA-2026-016732)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016732 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a...

CVSS 8.5 · AI score 7.7 · EPSS 0.97906
Exploits 9 · References 4

Tenable Nessus
added 2026/05/22 12:0 a.m. · 7 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-016738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016738 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a...

CVSS 8.5 · AI score 7.7 · EPSS 0.97906
Exploits 9 · References 4

Tenable Nessus
added 2026/05/22 12:0 a.m. · 10 views

Unity Linux 20.1070e Security Update: jgroups (UTSA-2026-016741)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016741 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not...

CVSS 10 · AI score 7.3 · EPSS 0.99999
Exploits 347 · References 4

Tenable Nessus
added 2026/05/22 12:0 a.m. · 6 views

Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016742)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016742 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a...

CVSS 8.5 · AI score 7.7 · EPSS 0.97906
Exploits 9 · References 4

Tenable Nessus
added 2026/01/20 12:0 a.m. · 4 views

MiracleLinux 7 : xstream-1.3.1-16.el7 (AXSA:2021-2499:04)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2499:04 advisory. xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139) xstream: Arbitrary code execution via...

CVSS 8.8 · AI score 8.1 · EPSS 0.9851
Exploits 16 · References 15

Tenable Nessus
added 2026/01/16 12:0 a.m. · 5 views

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.171-2.6.13.0.AXS4 (AXSA:2018-2753:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2753:01 advisory. A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...

CVSS 8.3 · AI score 7.1 · EPSS 0.06905
Exploits 0 · References 15

GithubExploit
added 2025/11/04 1:21 a.m. · 215 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-...

CVSS 10 · AI score 8.6 · EPSS 0.99999
Exploits 347

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2022-6565

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 8.8 · EPSS 0.0231
Exploits 0 · References 5

RedhatCVE
added 2025/05/22 10:31 p.m. · 18 views

CVE-2022-25167

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVSS 9.8 · AI score 7.7 · EPSS 0.04627
Exploits 0 · References 1

RedHat Linux
added 2025/02/24 12:8 a.m. · 3 views

log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint...

CVSS 10 · AI score 7.7 · EPSS 0.99999
Exploits 347 · References 9

Tenable Nessus
added 2023/02/19 12:0 a.m. · 39 views

FreeBSD : Rundeck3 -- Log4J RCE vulnerability (27c822a0-addc-11ed-a9ee-dca632b19f10)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 27c822a0-addc-11ed-a9ee-dca632b19f10 advisory. - Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are...

CVSS 8.5 · AI score 8.8 · EPSS 0.97906
Exploits 9 · References 3

Veracode
added 2022/12/22 12:55 a.m. · 39 views

Remote Code Execution (RCE)

org.apache.karaf.jaas.modules is vulnerable to remote code execution. The vulnerability exists because the doCreateDatasource function in JDBCUtils.java does not properly validate the jndiName parameter in the JNDI scheme when a configuration uses a JNDI LDAP data source URI, allowing an attacker...

CVSS 9.8 · AI score 9.4 · EPSS 0.02404
Exploits 0 · References 6 · Affected Software 1

Positive Technologies
added 2022/12/21 12:0 a.m. · 5 views

PT-2022-25242 · Apache · Apache Karaf

Name of the Vulnerable Software and Affected Versions: Apache Karaf versions prior to 4.4.2 and 4.3.8 Description: This issue is about a potential code injection when an attacker has control of the target LDAP server using the JDBC JNDI URL. The function...

CVSS 9.8 · AI score 9.8 · EPSS 0.02404
Exploits 0 · References 13

CNVD
added 2022/08/24 12:0 a.m. · 28 views

Apache Flume input validation error vulnerability

Apache Flume is a distributed, reliable and available service from the Apache Foundation, USA, used to efficiently collect, aggregate, and move large amounts of log data. Versions of Apache Flume prior to 1.4.0 through 1.10.0 contain a security vulnerability that stems from vulnerability to remot...

CVSS 9.8 · AI score 2.5 · EPSS 0.0231
Exploits 0 · References 1

Veracode
added 2022/08/22 8:18 a.m. · 18 views

Remote Code Execution

flysystem is vulnerable to remote code execution. Lack of proper parameter validation in JMSMessageConsumer allows an attacker to upload and execute malicious code on the system under attack, when a configuration uses a JMS Source with a JNDI LDAP data source URI...

CVSS 9.8 · AI score 9.5 · EPSS 0.0231
Exploits 0 · References 3 · Affected Software 1

NVD
added 2022/08/21 9:15 a.m. · 15 views

CVE-2022-34916

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVSS 9.8 · EPSS 0.0231
Exploits 0 · References 2

Prion
added 2022/08/21 9:15 a.m. · 26 views

Remote code execution

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVSS 7.5 · AI score 9.5 · EPSS 0.0231
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/08/21 12:0 a.m. · 6 views

PT-2022-4369 · Apache · Apache Flume

Name of the Vulnerable Software and Affected Versions: Apache Flume versions 1.4.0 through 1.10.0 Description: The issue allows for a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI, and an attacker has control of the target LDAP server. Th...

CVSS 9.8 · AI score 9.1 · EPSS 0.0231
Exploits 0 · References 9

CNVD
added 2022/06/20 12:0 a.m. · 16 views

Apache Flume remote code execution vulnerability

Apache Flume is a distributed, reliable and available service from the Apache Foundation. A remote code execution vulnerability exists in Apache Flume, which stems from the configuration of a JMS source with a JNDI LDAP data source URI, and could be exploited by an attacker to cause a remote code...

CVSS 9.8 · AI score 3.8 · EPSS 0.04627
Exploits 0 · References 1