Lucene search
K

16 matches found

Github Security Blog
Github Security Blog
added 2021/06/07 4:7 p.m.227 views

QOS.ch Logback vulnerable to Deserialization of Untrusted Data

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. The RemoteStreamAppenderClient class in logback-classic and the SocketNode classes in logback-classic and logback-access allow data to be deserialized over a Java Socket,...

9.8CVSS9.2AI score0.07501EPSS
Exploits0References25Affected Software2
OSV
OSV
added 2021/06/07 4:7 p.m.57 views

GHSA-VMFG-RJJM-RJRJ QOS.ch Logback vulnerable to Deserialization of Untrusted Data

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. The RemoteStreamAppenderClient class in logback-classic and the SocketNode classes in logback-classic and logback-access allow data to be deserialized over a Java Socket,...

9.8CVSS9.5AI score0.07501EPSS
Exploits0References25
GitLab Advisory Database
GitLab Advisory Database
added 2021/06/07 12:0 a.m.50 views

Deserialization of Untrusted Data

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

9.8CVSS5AI score0.07501EPSS
Exploits0References4Affected Software1
Mageia
Mageia
added 2019/02/14 8:38 a.m.38 views

Updated logback packages fix security vulnerability

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

9.8CVSS6.6AI score0.07501EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/10/16 5:38 p.m.6 views

logback: Serialization vulnerability in SocketServer and ServerSocketReceiver

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

9.8CVSS7.8AI score0.07501EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/08/10 11:3 p.m.8 views

logback: Serialization vulnerability in SocketServer and ServerSocketReceiver

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

9.8CVSS7.8AI score0.07501EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2017/03/16 9:48 a.m.37 views

CVE-2017-5929

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

9.8CVSS7.6AI score0.07501EPSS
Exploits0References1
Prion
Prion
added 2017/03/13 6:59 a.m.23 views

Code injection

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

7.5CVSS9.2AI score0.07501EPSS
Exploits0References21Affected Software3
UbuntuCve
UbuntuCve
added 2017/03/13 6:59 a.m.48 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

9.8CVSS6.8AI score0.07501EPSS
Exploits0References5
OSV
OSV
added 2017/03/13 6:59 a.m.32 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

9.8CVSS6.6AI score
Exploits0References21
NVD
NVD
added 2017/03/13 6:59 a.m.26 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

9.8CVSS9.5AI score0.07501EPSS
Exploits0References21
Cvelist
Cvelist
added 2017/03/13 6:14 a.m.46 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

9.4AI score0.07501EPSS
Exploits0References21
CVE
CVE
added 2017/03/13 6:14 a.m.241 views

CVE-2017-5929

CVE-2017-5929 – Logback deserialization issue : QOS.ch Logback up to 1.2.0 contains a serialization vulnerability in the SocketServer and ServerSocketReceiver paths. The RemoteStreamAppenderClient, SocketNode, and related classes deserialize data from a Java Socket via ObjectInputStream without v...

9.8CVSS9.2AI score0.07501EPSS
Exploits0References21Affected Software1
Debian CVE
Debian CVE
added 2017/03/13 6:14 a.m.94 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

9.8CVSS7AI score0.07501EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2017/03/13 12:0 a.m.7 views

PT-2017-3933

Name of the Vulnerable Software and Affected Versions QOS.ch Logback versions prior to 1.2.0 Description The issue is related to a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. This vulnerability allows an attacker to exploit the deserialization of...

10CVSS7.4AI score0.07501EPSS
Exploits0References103
GitLab Advisory Database
GitLab Advisory Database
added 2017/03/13 12:0 a.m.39 views

Serialization vulnerability

A serialization vulnerability was found in the SocketServer and ServerSocketReceiver components...

9.8CVSS4.3AI score0.07501EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder