3 matches found
GHSA-3W6P-8F82-GW8R Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
Impact ClickHouse JDBC Bridge uses slf4j-log4j12 1.7.32, which depends on log4j 1.2.17. It allows a remote attacker to execute code on the server, if you changed default log4j configuration by adding JMSAppender and an insecure JMS broker. Patches The patch version 2.0.7 removed log4j dependency ...
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
Impact ClickHouse JDBC Bridge uses slf4j-log4j12 1.7.32, which depends on log4j 1.2.17. It allows a remote attacker to execute code on the server, if you changed default log4j configuration by adding JMSAppender and an insecure JMS broker. Patches The patch version 2.0.7 removed log4j dependency ...
Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2013-0752)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0752 advisory. 1.7.0.19-2.3.9.1.0.1.el59 - Add oracle-enterprise.patch - Fix DISTRONAME to Enterprise Linux 1.7.0.19-2.3.9.1.el5 - updated to updated IcedTea 2.3.9 wi...