Lucene search
K

7 matches found

BDU FSTEC
BDU FSTEC
added 2019/09/05 12:0 a.m.6 views

The vulnerability of the org.slf4j.ext.EventData component in the slf4j-ext library of SLF4J allows attackers to circumvent existing security restrictions.

The vulnerability of the org.slf4j.ext.EventData component in the slf4j-ext library of SLF4J lies in the possibility of memory corruption due to an unreliable data structure. Exploiting this vulnerability allows a remote attacker to circumvent existing security restrictions...

10CVSS5.6AI score0.15087EPSS
Exploits0References5Affected Software9
RedHat Linux
RedHat Linux
added 2019/07/22 2:53 p.m.2 views

jackson-databind: arbitrary code execution in slf4j-ext class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.6AI score0.12679EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/04/24 6:46 p.m.2 views

jackson-databind: arbitrary code execution in slf4j-ext class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.6AI score0.12679EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/07/05 3:28 p.m.2 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8CVSS7.2AI score0.15087EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/05/14 8:51 p.m.3 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8CVSS7.2AI score0.15087EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/04/03 6:20 p.m.3 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8CVSS7.2AI score0.15087EPSS
Exploits0References4
OSV
OSV
added 2018/03/20 4:29 p.m.2 views

UBUNTU-CVE-2018-8088

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series...

9.8CVSS6.8AI score0.15087EPSS
Exploits0References5
Rows per page
Query Builder