Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 8 : java-11-openjdk-11.0.15.0.9-2.el8 (AXSA:2022-3152:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3152:07 advisory. OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling craft...

7.5CVSS6.2AI score0.04046EPSS
Exploits0References6
Gentoo Linux
Gentoo Linux
added 2023/10/26 12:0 a.m.68 views

Ubiquiti UniFi: remote code execution via bundled log4j

Background Ubiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi APs. Description A bundled version of log4j could facilitate remote code execution. Please review the CVE identifier referenced below for details. Impact An attacker with permission to modify the logging configuratio...

9CVSS7.8AI score0.99977EPSS
Exploits41
F5 Networks
F5 Networks
added 2023/02/21 6:35 p.m.60 views

K14122652: Apache Log4j2 vulnerability CVE-2021-44832

Security Advisory Description Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration...

8.5CVSS8.7AI score0.97906EPSS
Exploits9Affected Software1
NVD
NVD
added 2022/12/21 4:15 p.m.38 views

CVE-2022-40145

This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtilsdoCreateDatasource use InitialContext.lookupjndiName without filtering. An us...

9.8CVSS0.02404EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/01 2:32 p.m.67 views

Security Bulletin: Due to use of Apache Log4j, IBM QRadar SIEM is affected by arbitrary code execution (CVE-2019-17571, CVE-2021-44832, CVE-2021-4104)

Summary IBM QRadar SIEM is affected by arbitrary code execution due to Apache Log4j CVE-2019-17571, CVE-2021-44832, CVE-2021-4104. Apache Log4j is used by IBM QRadar SIEM as part of its logging infrastructure. The fix includes Apache Log4j 2.17.2 Vulnerability Details CVEID:CVE-2019-17571...

9.8CVSS8.5AI score0.97906EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/10 3:52 p.m.50 views

Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by IBM Event Streams. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary cod...

8.5CVSS1.3AI score0.97906EPSS
Exploits9Affected Software1
RedhatCVE
RedhatCVE
added 2022/05/07 2:30 p.m.168 views

CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

10CVSS4.4AI score0.99999EPSS
Exploits353References4
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.5 views

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

8.5CVSS7.5AI score0.97906EPSS
Exploits9References5
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.3 views

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

8.5CVSS7.5AI score0.97906EPSS
Exploits9References5
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.15 views

Mageia: Security Advisory (MGASA-2022-0002)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS8.9AI score0.97906EPSS
Exploits9References5
RedHat Linux
RedHat Linux
added 2022/01/20 4:0 p.m.4 views

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

8.5CVSS7.5AI score0.97906EPSS
Exploits9References5
RedHat Linux
RedHat Linux
added 2022/01/20 9:26 a.m.4 views

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

8.5CVSS7.5AI score0.97906EPSS
Exploits9References5
Amazon
Amazon
added 2022/01/20 12:0 a.m.100 views

Medium: aws-kinesis-agent

Issue Overview: Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC...

8.5CVSS9.1AI score0.97906EPSS
Exploits9
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/15 8:4 p.m.134 views

Security Bulletin: IBM Cognos Controller 10.4.2 IF17: Apache Log4j vulnerability (CVE-2021-45105 & CVE-2021-44832)

Summary IBM Cognos Controller is affected by security vulnerabilities. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities: CVE-2021-45105 and CVE-2021-44832. IBM Cognos Controller has upgrad...

10CVSS0.7AI score0.99999EPSS
Exploits357Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 5:9 p.m.61 views

Security Bulletin: Apache Log4j vulnerability affects IBM Sterling External Authentication Server (CVE-2021-44832)

Summary IBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-44832. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker...

10CVSS1.7AI score0.99999EPSS
Exploits357Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/04 4:14 p.m.76 views

Improper Input Validation and Injection in Apache Log4j2

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JN...

8.5CVSS4.7AI score0.97906EPSS
Exploits9References17Affected Software2
Mageia
Mageia
added 2022/01/03 7:36 a.m.96 views

Updated log4j packages fix security vulnerability

Apache Log4j2 is vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed b...

8.5CVSS2.9AI score0.97906EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2021/12/28 12:0 a.m.981 views

Apache Log4j 2.0 < 2.3.2 / 2.4 < 2.12.4 / 2.13 < 2.17.1 RCE

The version of Apache Log4j on the remote host is 2.0 2.3.2, 2.4 2.12.4, or 2.13 2.17.1. It is, therefore, affected by a remote code execution vulnerability. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution...

8.5CVSS8.8AI score0.97906EPSS
Exploits9References2
Rows per page
Query Builder