Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2023/10/26 12:0 a.m.80 views

GLSA-202310-16 : Ubiquiti UniFi: remote code execution via bundled log4j

The remote host is affected by the vulnerability described in GLSA-202310-16 Ubiquiti UniFi: remote code execution via bundled log4j - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provid...

10CVSS8.4AI score0.99999EPSS
Exploits354References4
Mageia
Mageia
added 2021/12/19 12:26 p.m.124 views

Updated log4j packages fix security vulnerability

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

9CVSS1.9AI score0.99977EPSS
Exploits40References3
GithubExploit
GithubExploit
added 2021/12/15 4:28 p.m.458 views

Exploit for Expression Language Injection in Apache Log4J

tejas-nagchandi/CVE-2021-45046 Attack !imagehttps://use...

10CVSS10AI score0.99999EPSS
Exploits353
Github Security Blog
Github Security Blog
added 2021/12/14 6:1 p.m.287 views

Incomplete fix for Apache Log4j vulnerability

Impact The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup for...

10CVSS2.2AI score0.99999EPSS
Exploits353References29Affected Software2
ATTACKERKB
ATTACKERKB
added 2021/12/14 12:0 a.m.211 views

CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

10CVSS9.8AI score0.99999EPSS
In wildExploits353References26
FreeBSD
FreeBSD
added 2021/11/14 12:0 a.m.355 views

graylog -- remote code execution in log4j from user-controlled log input

Apache Software Foundation reports: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default...

10CVSS2.1AI score0.99999EPSS
Exploits351References3
Rows per page
Query Builder