Количество 29
Количество 29
openSUSE-SU-2022:0226-1
Security update for log4j12
openSUSE-SU-2022:0214-1
Security update for log4j
SUSE-SU-2022:14881-1
Security update for log4j
SUSE-SU-2022:0226-1
Security update for log4j12
SUSE-SU-2022:0214-1
Security update for log4j
SUSE-SU-2022:0212-1
Security update for log4j
ELSA-2022-0442
ELSA-2022-0442: log4j security update (IMPORTANT)
openSUSE-SU-2022:0038-1
Security update for kafka
RLSA-2022:0290
Important: parfait:0.5 security update
ELSA-2022-9419
ELSA-2022-9419: log4j security update (IMPORTANT)
ELSA-2022-0290
ELSA-2022-0290: parfait:0.5 security update (IMPORTANT)
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...
GHSA-w9p3-5cr8-m3jj
Deserialization of Untrusted Data in Log4j 1.x
BDU:2022-00526
Уязвимость реализации класса JMSSink библиотеки журналирования Java-программ Log4j, позволяющая нарушителю выполнить произвольный код
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | openSUSE-SU-2022:0226-1 Security update for log4j12 | больше 3 лет назад | ||
| openSUSE-SU-2022:0214-1 Security update for log4j | больше 3 лет назад | ||
| SUSE-SU-2022:14881-1 Security update for log4j | больше 3 лет назад | ||
| SUSE-SU-2022:0226-1 Security update for log4j12 | больше 3 лет назад | ||
| SUSE-SU-2022:0214-1 Security update for log4j | больше 3 лет назад | ||
| SUSE-SU-2022:0212-1 Security update for log4j | больше 3 лет назад | ||
| ELSA-2022-0442 ELSA-2022-0442: log4j security update (IMPORTANT) | больше 3 лет назад | ||
| openSUSE-SU-2022:0038-1 Security update for kafka | больше 3 лет назад | ||
 | RLSA-2022:0290 Important: parfait:0.5 security update | больше 3 лет назад | ||
| ELSA-2022-9419 ELSA-2022-9419: log4j security update (IMPORTANT) | около 3 лет назад | ||
| ELSA-2022-0290 ELSA-2022-0290: parfait:0.5 security update (IMPORTANT) | больше 3 лет назад | ||
 | CVE-2022-23302 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад |
 | CVE-2022-23302 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад |
 | CVE-2022-23302 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад |
| CVE-2022-23302 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ... | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад |
| GHSA-w9p3-5cr8-m3jj Deserialization of Untrusted Data in Log4j 1.x | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад |
 | BDU:2022-00526 Уязвимость реализации класса JMSSink библиотеки журналирования Java-программ Log4j, позволяющая нарушителю выполнить произвольный код | CVSS3: 6.6 | 0% Низкий | больше 3 лет назад |
| CVE-2022-23307 CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. | CVSS3: 8.8 | 1% Низкий | больше 3 лет назад |
| CVE-2022-23307 CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. | CVSS3: 8.8 | 1% Низкий | больше 3 лет назад |
| CVE-2022-23307 CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. | CVSS3: 8.8 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу