28 matches found
Advisory ROSA-SA-2024-2519
software: log4j12 1.2.17 OS: ROSA-CHROME packageevrstring: log4j12-1.2.17-26 CVE-ID: CVE-2019-17571 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: Log4j 1.2 includes a SocketServer class that is vulnerable to unreliable data deserialization, which can be used to remotely execute arbitrary code in...
RHSA-2022:0439 Red Hat Security Advisory: rh-maven36-log4j12 security update
Bulletin has no description...
RHSA-2021:5269 Red Hat Security Advisory: rh-maven36-log4j12 security update
Bulletin has no description...
openSUSE: Security Advisory for log4j12 (openSUSE-SU-2022:0226-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
RHEL 7 : rh-maven36-log4j12 (RHSA-2022:0439)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0439 advisory. Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fixes: log4j: SQL injection in Log4j 1...
Important: Red Hat Security Advisory: rh-maven36-log4j12 security update
An update for rh-maven36-log4j12 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openSUSE: Security Advisory for log4j12 (openSUSE-SU-2021:4112-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for log4j12 (openSUSE-SU-2021:1612-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2022:0226-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 Security Update : log4j12 (SUSE-SU-2022:0226-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0226-1 advisory. - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. bsc1194844 - CVE-2022-23305:...
openSUSE 15 Security Update : log4j12 (openSUSE-SU-2022:0226-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0226-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...
OPENSUSE-SU-2022:0226-1 Security update for log4j12
This update for log4j12 fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. bsc1194844 - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. bsc1194843 - CVE-2022-23302: Fix remote code...
openSUSE 15 Security Update : log4j12 (openSUSE-SU-2021:1612-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1612-1 advisory. - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The...
OPENSUSE-SU-2021:1612-1 Security update for log4j12
This update for log4j12 fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. bsc1193662 This update was imported from the SUSE:SLE-15-SP2:Update update project...
Security update for log4j12 (important)
openSUSE Security Update: Security update for log4j12 Announcement ID: openSUSE-SU-2021:1612-1 Rating: important References: 1193662 Cross-References: CVE-2021-4104 CVSS scores: CVE-2021-4104 SUSE: 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 An update th...
RHEL 7 : rh-maven36-log4j12 (RHSA-2021:5269)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5269 advisory. Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fixes: log4j: Remote code execution in Log4j 1....
SUSE SLED15 / SLES15 Security Update : log4j12 (SUSE-SU-2021:4112-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:4112-1 advisory. - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. bsc1193662 Tenable has extracted the...
SUSE: Security Advisory (SUSE-SU-2021:4112-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-3W6P-8F82-GW8R Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
Impact ClickHouse JDBC Bridge uses slf4j-log4j12 1.7.32, which depends on log4j 1.2.17. It allows a remote attacker to execute code on the server, if you changed default log4j configuration by adding JMSAppender and an insecure JMS broker. Patches The patch version 2.0.7 removed log4j dependency ...
OPENSUSE-SU-2021:4112-1 Security update for log4j12
This update for log4j12 fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. bsc1193662...