6 matches found
Exploit for Deserialization of Untrusted Data in Apache Kafka_Connect
Apache Druid CVE-2023-25194 CVE-2023-25194 is a deserializati...
Deserialization Of Untrusted Data
nifi-jms-processors is vulnerable to Deserialization of Untrusted Data. The vulnerability exists due to improper URL validation in JndiJmsConnectionFactoryProvider of JndiJmsConnectionFactoryProperties.java; if an attacker has access to the provider URL and library property configuration, they ca...
OPENSUSE-SU-2021:1577-1 Security update for log4j
This update for log4j fixes the following issues: - CVE-2021-44228: Fix a remote code execution vulnerability that existed in the LDAP JNDI parser. bsc1193611, CVE-2021-44228 This update was imported from the SUSE:SLE-15-SP2:Update update project...
OPENSUSE-SU-2021:3999-1 Security update for log4j
This update for log4j fixes the following issues: - CVE-2021-44228: Fix a remote code execution vulnerability that existed in the LDAP JNDI parser. bsc1193611, CVE-2021-44228...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 Apache Log4j 2 Vulnerable versions:...
GHSA-JFH8-C2JP-5V3Q Remote code injection in Log4j
Summary: Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. As per Apache's Log4j security guide: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and...