exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 45

openSUSE-SU-2022:0038-1

больше 3 лет назад

Security update for kafka

EPSS: Низкий

RLSA-2022:0290

больше 3 лет назад

Important: parfait:0.5 security update

EPSS: Низкий

ELSA-2022-0290

больше 3 лет назад

ELSA-2022-0290: parfait:0.5 security update (IMPORTANT)

EPSS: Низкий

openSUSE-SU-2022:0226-1

больше 3 лет назад

Security update for log4j12

EPSS: Низкий

openSUSE-SU-2022:0214-1

больше 3 лет назад

Security update for log4j

EPSS: Низкий

SUSE-SU-2022:14881-1

больше 3 лет назад

Security update for log4j

EPSS: Низкий

SUSE-SU-2022:0226-1

больше 3 лет назад

Security update for log4j12

EPSS: Низкий

SUSE-SU-2022:0214-1

больше 3 лет назад

Security update for log4j

EPSS: Низкий

SUSE-SU-2022:0212-1

больше 3 лет назад

Security update for log4j

EPSS: Низкий

ELSA-2022-0442

больше 3 лет назад

ELSA-2022-0442: log4j security update (IMPORTANT)

EPSS: Низкий

ELSA-2022-9419

около 3 лет назад

ELSA-2022-9419: log4j security update (IMPORTANT)

EPSS: Низкий

CVE-2021-4104

больше 3 лет назад

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

CVSS3: 7.5

EPSS: Высокий

CVE-2021-4104

больше 3 лет назад

CVSS3: 7.5

EPSS: Высокий

CVE-2021-4104

больше 3 лет назад

CVSS3: 7.5

EPSS: Высокий

CVE-2021-4104

больше 3 лет назад

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...

CVSS3: 7.5

EPSS: Высокий

openSUSE-SU-2021:4112-1

больше 3 лет назад

Security update for log4j12

EPSS: Высокий

openSUSE-SU-2021:4111-1

больше 3 лет назад

Security update for log4j

EPSS: Высокий

openSUSE-SU-2021:1631-1

больше 3 лет назад

Security update for kafka

EPSS: Высокий

openSUSE-SU-2021:1612-1

больше 3 лет назад

Security update for log4j12

EPSS: Высокий

SUSE-SU-2021:4115-1

больше 3 лет назад

Security update for log4j

EPSS: Высокий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
openSUSE-SU-2022:0038-1 Security update for kafka			больше 3 лет назад
RLSA-2022:0290 Important: parfait:0.5 security update			больше 3 лет назад
ELSA-2022-0290 ELSA-2022-0290: parfait:0.5 security update (IMPORTANT)			больше 3 лет назад
openSUSE-SU-2022:0226-1 Security update for log4j12			больше 3 лет назад
openSUSE-SU-2022:0214-1 Security update for log4j			больше 3 лет назад
SUSE-SU-2022:14881-1 Security update for log4j			больше 3 лет назад
SUSE-SU-2022:0226-1 Security update for log4j12			больше 3 лет назад
SUSE-SU-2022:0214-1 Security update for log4j			больше 3 лет назад
SUSE-SU-2022:0212-1 Security update for log4j			больше 3 лет назад
ELSA-2022-0442 ELSA-2022-0442: log4j security update (IMPORTANT)			больше 3 лет назад
ELSA-2022-9419 ELSA-2022-9419: log4j security update (IMPORTANT)			около 3 лет назад
CVE-2021-4104 JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.	CVSS3: 7.5	73% Высокий	больше 3 лет назад
CVE-2021-4104 JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.	CVSS3: 7.5	73% Высокий	больше 3 лет назад
CVE-2021-4104 JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.	CVSS3: 7.5	73% Высокий	больше 3 лет назад
CVE-2021-4104 JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...	CVSS3: 7.5	73% Высокий	больше 3 лет назад
openSUSE-SU-2021:4112-1 Security update for log4j12		73% Высокий	больше 3 лет назад
openSUSE-SU-2021:4111-1 Security update for log4j		73% Высокий	больше 3 лет назад
openSUSE-SU-2021:1631-1 Security update for kafka		73% Высокий	больше 3 лет назад
openSUSE-SU-2021:1612-1 Security update for log4j12		73% Высокий	больше 3 лет назад
SUSE-SU-2021:4115-1 Security update for log4j		73% Высокий	больше 3 лет назад

Уязвимостей на страницу