Astra Linux - уязвимость в apache-log4j1.2

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter, where the values to be inserted are converted using PatternLayout. The message converter %m is likely to always be included. This allows attackers to manipulate SQL statements by entering crafted...

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

💥 CVE-2021-44228 — Log4Shell The Most Impactful Vuln...

EUVD-2022-0721

Malicious code in bioql PyPI...

RHEL 6 : log4j (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - log4j: Socket receiver deserialization vulnerability CVE-2017-5645 - UNSUPPORTED WHEN ASSIGNED When using...

Apache Log4j 1.x (EOL) allows Denial of Service (DoS)

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

CVE-2023-26464

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

CVE-2023-26464

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

CVE-2023-26464 Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

CVE-2023-26464

CVE-2023-26464 : In Log4j 1.x, the Chainsaw and SocketAppender components on Java runtimes older than 1.7 are vulnerable to deserialization of deeply nested hashmap/hashtable when a logging entry is crafted, potentially exhausting VM memory and causing Denial of Service. The advisory notes this a...

SUSE CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2022-23305)

Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability through the JDBCAppender in Log4j 1.2.x which accepts a SQL statement as a configuration parameter. When JDBCAppender is specifically configured to use, malicious values could be inserted. This allo...

Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater aka...

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

In recent weeks, the Microsoft Threat Intelligence Center MSTIC and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high...

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

In recent weeks, the Microsoft Threat Intelligence Center MSTIC and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high...

OESA-2022-1781 log4j12 security update

With log4j it is possible to enable logging at runtime without modifying the application binary. Security Fixes: By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converte...

new module: log4j:2

This enhancement update adds the log4j:2 module to AlmaLinux BZ1937468 For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

new module: log4j:2

An update is available for jctools, log4j, disruptor. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This enhancement update adds the log4j:2 module to Rocky...

ALEA-2022:1963 new module: log4j:2

This enhancement update adds the log4j:2 module to AlmaLinux BZ1937468 For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

Security Bulletin: Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Summary Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. CSM version 6.3.2 ships the latest library available 2.17.1. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could...

OESA-2022-1513 log4j12 security update

With log4j it is possible to enable logging at runtime without modifying the application binary. Security Fixes: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...