2 matches found
CVE-2019-17571
CVE-2019-17571 affects the Apache Log4j 1.x SocketServer: it deserializes serialized log events from untrusted network input without proper whitelisting, enabling remote code execution when combined with a deserialization gadget. Affected are Log4j 1.2 up to 1.2.17; exploitation hinges on receivi...
CVE-2022-32531
The CVE-2022-32531 issue affects the Apache Bookkeeper Java Client. Affected software: BookKeeper Java Client prior to versions 4.14.6 and 4.15.0. Root cause: the client does not close the connection to the bookkeeper server when TLS hostname verification fails, enabling a potential MITM conditio...