Page 2 of 27 results (0.003 seconds)

CVSS: 7.5EPSS: 15%CPEs: 72EXPL: 0

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. • http://www.openwall.com/lists/oss-security/2022/01/18/3 https://access.redhat.com/security/cve/CVE-2021-4104 https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033 https://security.gentoo.org/glsa/202209-02 https://security.gentoo.org/glsa/202310-16 https://security.gentoo.org/glsa/202312-02 https://security.gentoo.org/glsa/202312-04 https://security.netapp.com/advisory/ntap-20211223-0007 https&# • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

Server-Side Template Injection and arbitrary file disclosure on Camel templating components Una Inyección de Plantilla del Lado de Servidor y divulgación de archivos arbitrarios en componentes de plantillas Camel A flaw was found in camel. Camel's templating components are suseptable to Server-Side Template Injection and arbitrary file disclosure. The highest threat from this vulnerability is to data confidentiality. • https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2020-11994 https://bugzilla.redhat.com/show_bug.cgi?id=1855786 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. Apache Camel RabbitMQ permite una deserialización de Java por defecto. Apache Camel versiones 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 hasta 3.1.0 están afectadas. Los usuarios de la versión 2.x deben actualizar a la versión 2.25.1, los usuarios de la versión 3.x deben actualizar a la versión 3.2.0. • http://www.openwall.com/lists/oss-security/2020/05/14/10 http://www.openwall.com/lists/oss-security/2020/05/14/8 https://camel.apache.org/security/CVE-2020-11972.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2020-11972 https://bugzilla.redhat.com/show_bug.cgi?id=1848464 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. Apache Camel Netty permite una deserialización de Java por defecto. Apache Camel versiones 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 hasta 3.1.0 están afectadas. Los usuarios de la versión 2.x deben actualizar a la versión 2.25.1, los usuarios de la versión 3.x deben actualizar a la versión 3.2.0. • http://www.openwall.com/lists/oss-security/2020/05/14/9 https://camel.apache.org/security/CVE-2020-11973.html https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2020-11973 https://bugzilla.redhat.com/show_bug.cgi?id=1848465 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0. El JMX de Apache Camel es vulnerable a Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 hasta la versión 3.1.0 se ve afectado. • http://www.openwall.com/lists/oss-security/2020/05/14/7 https://camel.apache.org/security/CVE-2020-11971.html https://lists.apache.org/thread.html/r16f4f9019840bc923e25d1b029fb42fe2676c4ba36e54824749a8da9%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/r3d0ae14ca224e69fb1c653f0a5d9e56370ee12d8896aa4490aeae14a%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/r45da6abb42a9e6853ec8affdbf591f1db3e90c5288de9d3753124c79%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab923 • CWE-20: Improper Input Validation •