Lucene search
K

137 matches found

RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.5 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits350References8
NVD
NVD
added 2025/01/19 11:15 a.m.10 views

CVE-2025-21633

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
CVE
CVE
added 2025/01/19 10:17 a.m.93 views

CVE-2025-21633

CVE-2025-21633 appears in multiple advisories as part of the Linux kernel fixes: MiracleLinux AXSA:2025-10431:39 for kernel 5.14.0-570.16.1.el9_6 (remote kernel io_uring sqpoll path) and is listed among kernels in Rocky Linux 10, AlmaLinux 9/10, RHEL 9/10/Oracle Linux advisories. The described is...

6.8AI score
Exploits0
OSV
OSV
added 2024/03/06 11:9 a.m.27 views

BIT-WILDFLY-2020-10718

A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is ...

7.5CVSS8.3AI score0.01435EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/26 12:0 a.m.80 views

GLSA-202310-16 : Ubiquiti UniFi: remote code execution via bundled log4j

The remote host is affected by the vulnerability described in GLSA-202310-16 Ubiquiti UniFi: remote code execution via bundled log4j - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provid...

10CVSS8.4AI score0.99999EPSS
Exploits351References4
CISA KEV Catalog
CISA KEV Catalog
added 2023/05/01 12:0 a.m.23 views

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations...

10CVSS7.8AI score0.99999EPSS
In wildExploits350
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.4 views

SUSE CVE-2019-12400

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS6.7AI score0.00776EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.8 views

SUSE CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

7.5CVSS7.4AI score0.99999EPSS
Exploits20References6
OSV
OSV
added 2022/09/23 11:4 a.m.12 views

OESA-2022-1957 log4j security update

Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fixes: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Contex...

9CVSS8.8AI score0.99999EPSS
Exploits44References4
OSV
OSV
added 2022/06/19 6:15 a.m.3 views

UBUNTU-CVE-2014-125020

A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decodeupdatethreadcontext. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue...

7.8CVSS6.6AI score0.00492EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/20 2:52 p.m.5 views

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

5.9CVSS7.3AI score0.99999EPSS
Exploits20References7
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.6 views

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

5.9CVSS7.3AI score0.99999EPSS
Exploits20References7
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.3 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits350References8
RedHat Linux
RedHat Linux
added 2022/01/20 6:55 p.m.3 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits350References8
RedHat Linux
RedHat Linux
added 2022/01/20 6:54 p.m.4 views

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

5.9CVSS7.3AI score0.99999EPSS
Exploits20References7
RedHat Linux
RedHat Linux
added 2022/01/20 6:54 p.m.5 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits350References8
RedHat Linux
RedHat Linux
added 2022/01/20 4:0 p.m.5 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits350References8
RedHat Linux
RedHat Linux
added 2022/01/20 12:12 p.m.5 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits350References8
RedHat Linux
RedHat Linux
added 2022/01/20 12:12 p.m.8 views

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

5.9CVSS7.3AI score0.99999EPSS
Exploits20References7
RedHat Linux
RedHat Linux
added 2022/01/20 9:26 a.m.4 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits350References8
Rows per page
Query Builder