Количество 10
Количество 10
BDU:2020-02355
Уязвимость библиотеки журналирования Java-программ Log4j, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольный код
CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to de ...
openSUSE-SU-2020:0051-1
Security update for log4j
SUSE-SU-2020:14267-1
Security update for log4j
SUSE-SU-2020:0054-1
Security update for log4j
SUSE-SU-2020:0053-1
Security update for log4j
GHSA-2qrg-x229-3v8q
Deserialization of Untrusted Data in Log4j
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2020-02355 Уязвимость библиотеки журналирования Java-программ Log4j, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.8 | 53% Средний | больше 5 лет назад |
 | CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. | CVSS3: 9.8 | 53% Средний | больше 5 лет назад |
 | CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. | CVSS3: 9.8 | 53% Средний | больше 5 лет назад |
 | CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. | CVSS3: 9.8 | 53% Средний | больше 5 лет назад |
| CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to de ... | CVSS3: 9.8 | 53% Средний | больше 5 лет назад |
 | openSUSE-SU-2020:0051-1 Security update for log4j | 53% Средний | больше 5 лет назад | |
| SUSE-SU-2020:14267-1 Security update for log4j | 53% Средний | больше 5 лет назад | |
| SUSE-SU-2020:0054-1 Security update for log4j | 53% Средний | больше 5 лет назад | |
| SUSE-SU-2020:0053-1 Security update for log4j | 53% Средний | больше 5 лет назад | |
| GHSA-2qrg-x229-3v8q Deserialization of Untrusted Data in Log4j | CVSS3: 9.8 | 53% Средний | больше 5 лет назад |
Уязвимостей на страницу