Lucene search
K

55 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.21 views

Astra Linux – Vulnerability in Apache Log4j1.2

Log4j 1.2’s JMSAppender is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide configurations for TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to make JNDI requests that lead to remo...

7.5CVSS7.3AI score0.81147EPSS
Exploits9References2
GithubExploit
GithubExploit
added 2026/05/16 1:52 a.m.88 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-vuln-demo Intentionally vulnerable demo image for Sys...

10CVSS7AI score0.99999EPSS
Exploits352
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 9:10 a.m.13 views

Security Bulletin: IBM Content Navigator is affected by Log4J

Summary IBM Content Navigator is affected by multiple vulnerabilities in Apache Log4j 1.x, a logging library that reached end of life in August 2015. These include multiple Deserialization of Untrusted Data flaws CVE-2019-17571, CVE-2021-4104, CVE-2022-23302, CVE-2022-23307, CVE-2023-26464 in...

9.8CVSS7.2AI score0.66537EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:44 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161.

Summary IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions...

6.3CVSS5.9AI score0.00743EPSS
Exploits1Affected Software1
SUSE Linux
SUSE Linux
added 2026/01/22 4:8 p.m.11 views

Security update for log4j

This update for log4j fixes the following issues: Security fixes: CVE-2025-68161: Fixed absent TLS hostname verification that may allow a man-in-the-middle attack bsc1255427 Other fixes: Upgrade to 2.18.0 Added Add support for Jakarta Mail API in the SMTP appender. Add support for custom Log4j 1....

6.3CVSS5.5AI score0.00743EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : log4j-1.2.17-17.0.1.el7.AXS7 (AXSA:2021-2848:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2848:01 advisory. log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender CVE-2021-4104 Tenable has extracted the preceding description blo...

7.5CVSS7.9AI score0.81147EPSS
Exploits9References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/12 5:46 p.m.12 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.10 released on December 19, 2025. Vulnerability Details CVEID:CVE-2022-23302 DESCRIPTION: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the...

9.8CVSS8.5AI score0.66537EPSS
Exploits1Affected Software1
Gitee
Gitee
added 2025/09/06 12:44 p.m.100 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 Log4j2 日志内容 JNDI RCE 缓解措施 English version 国际镜像:https://github.com/zhangyoufu/log4j2-without-jndi 国内镜像:https://code.aliyun.com/zhangyoufu/log4j2-without-jndi/tree/master 使用方式 1. 寻找部署目录下的 log4j2-core 组件 find . -name 'log4j-core.jar' 2. 对找到的 log4j2-core JAR 包实施缓解措施 方式1: 使用 zip 命令从 JAR...

10CVSS8.7AI score0.99999EPSS
Exploits352
CNNVD
CNNVD
added 2025/02/07 12:0 a.m.9 views

Apache Log4j 安全漏洞

Apache Log4j is a Java-based open source logging tool from the Apache USA Foundation. A security vulnerability exists in Apache Log4j version 1.2 that stems from untrusted data deserialization...

2.3CVSS6.7AI score0.00387EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/11/25 12:12 a.m.4 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.2 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.3 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
RedHat Linux
RedHat Linux
added 2023/10/05 8:23 p.m.4 views

log4j1-socketappender: DoS via hashmap logging

A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...

7.5CVSS7AI score0.01905EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2023/07/19 6:18 p.m.302 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

It is an exploit module for Log4j. The vulnerability class/vecto...

10CVSS8.6AI score0.99999EPSS
Exploits352
RedHat Linux
RedHat Linux
added 2022/06/30 7:14 p.m.10 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/30 7:0 p.m.5 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
RedHat Linux
RedHat Linux
added 2022/06/30 7:0 p.m.18 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
OSV
OSV
added 2022/06/14 7:15 p.m.7 views

CVE-2022-29615

SAP NetWeaver Developer Studio NWDS - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x...

3.4CVSS5.8AI score0.00243EPSS
Exploits0References2
Prion
Prion
added 2022/06/14 7:15 p.m.20 views

Design/Logic Flaw

SAP NetWeaver Developer Studio NWDS - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x...

3.6CVSS4.3AI score0.00243EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.3 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
Rows per page
Query Builder