Количество 106
Количество 106
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ...
BDU:2021-01051
Уязвимость библиотеки журналирования Java-программ Log4j, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольный код
GHSA-fxph-q3j8-mv87
Deserialization of Untrusted Data in Log4j
CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ...
BDU:2020-03624
Уязвимость реализации класса SmtpAppender библиотеки журналирования Java-программ Log4j, позволяющая нарушителю реализовать атаку типа «человек посередине»
openSUSE-SU-2021:4118-1
Security update for log4j
openSUSE-SU-2021:1605-1
Security update for log4j
GHSA-p6xc-xr62-6r2g
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...
BDU:2021-05969
Уязвимость компонента JNDI библиотеки журналирования Java-программ Apache Log4j2, позволяющая нарушителю выполнить произвольный код
openSUSE-SU-2021:4109-1
Security update for logback
openSUSE-SU-2021:3999-1
Security update for log4j
openSUSE-SU-2021:1613-1
Security update for logback
openSUSE-SU-2021:1586-1
Security update for log4j
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| CVE-2021-45046 It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ... | CVSS3: 9 | 94% Критический | больше 3 лет назад |
 | BDU:2021-01051 Уязвимость библиотеки журналирования Java-программ Log4j, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.8 | 94% Критический | около 8 лет назад |
| GHSA-fxph-q3j8-mv87 Deserialization of Untrusted Data in Log4j | CVSS3: 9.8 | 94% Критический | больше 5 лет назад |
 | CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | CVSS3: 9.8 | 94% Критический | около 8 лет назад |
 | CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | CVSS3: 8.1 | 94% Критический | около 8 лет назад |
 | CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | CVSS3: 9.8 | 94% Критический | около 8 лет назад |
| CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ... | CVSS3: 9.8 | 94% Критический | около 8 лет назад |
| BDU:2020-03624 Уязвимость реализации класса SmtpAppender библиотеки журналирования Java-программ Log4j, позволяющая нарушителю реализовать атаку типа «человек посередине» | CVSS3: 3.7 | 0% Низкий | около 5 лет назад |
 | openSUSE-SU-2021:4118-1 Security update for log4j | 65% Средний | больше 3 лет назад | |
| openSUSE-SU-2021:1605-1 Security update for log4j | 65% Средний | больше 3 лет назад | |
| GHSA-p6xc-xr62-6r2g Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion | CVSS3: 8.6 | 65% Средний | больше 3 лет назад |
| CVE-2021-45105 Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | CVSS3: 5.9 | 65% Средний | больше 3 лет назад |
| CVE-2021-45105 Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | CVSS3: 5.9 | 65% Средний | больше 3 лет назад |
| CVE-2021-45105 Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | CVSS3: 5.9 | 65% Средний | больше 3 лет назад |
| CVE-2021-45105 Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ... | CVSS3: 5.9 | 65% Средний | больше 3 лет назад |
| BDU:2021-05969 Уязвимость компонента JNDI библиотеки журналирования Java-программ Apache Log4j2, позволяющая нарушителю выполнить произвольный код | CVSS3: 10 | 94% Критический | больше 3 лет назад |
| openSUSE-SU-2021:4109-1 Security update for logback | 94% Критический | больше 3 лет назад | |
| openSUSE-SU-2021:3999-1 Security update for log4j | 94% Критический | больше 3 лет назад | |
| openSUSE-SU-2021:1613-1 Security update for logback | 94% Критический | больше 3 лет назад | |
| openSUSE-SU-2021:1586-1 Security update for log4j | 94% Критический | больше 3 лет назад |
Уязвимостей на страницу