CVSS: 9.0EPSS: 0%CPEs: 39EXPL: 0CVE-2022-23307 – A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.
https://notcve.org/view.php?id=CVE-2022-23307
18 Jan 2022 — CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. CVE-2020-9493 identificó un problema de deserialización presente en Apache Chainsaw. Versiones anteriores a Chainsaw V2.0 Chainsaw era un componente de Apache Log4j versiones 1.2.x donde se presenta el mismo problema A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserializ... • https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 15%CPEs: 42EXPL: 3CVE-2022-23305 – SQL injection in JDBC Appender in Apache Log4j V1
https://notcve.org/view.php?id=CVE-2022-23305
18 Jan 2022 — By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not... • https://github.com/HynekPetrak/log4shell-finder • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2022-23302 – Deserialization of untrusted data in JMSSink in Apache Log4j 1.x
https://notcve.org/view.php?id=CVE-2022-23302
18 Jan 2022 — JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which i... • http://www.openwall.com/lists/oss-security/2022/01/18/3 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.9EPSS: 65%CPEs: 213EXPL: 10CVE-2021-45105 – Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
https://notcve.org/view.php?id=CVE-2021-45105
18 Dec 2021 — Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no protegían de la recursión no controlada de las búsquedas autorreferenciales.... • https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832 • CWE-20: Improper Input Validation CWE-674: Uncontrolled Recursion •
CVSS: 8.1EPSS: 2%CPEs: 37EXPL: 1CVE-2020-24750 – jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
https://notcve.org/view.php?id=CVE-2020-24750
17 Sep 2020 — FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.6, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con com.pastdev.httpcomponents.configuration.JndiConfiguration A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.6. The interaction between ... • https://github.com/Al1ex/CVE-2020-24750 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 3%CPEs: 33EXPL: 1CVE-2020-24616
https://notcve.org/view.php?id=CVE-2020-24616
25 Aug 2020 — FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.6, maneja inapropiadamente la interacción entre los dispositivos de serialización y la escritura, relacionada con br.com.anteros.dbcp.AnterosDBCPDataSource (también se conoce como Anteros-DBCP) • https://github.com/0xkami/cve-2020-24616-poc • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 218EXPL: 7CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propi... • https://github.com/isacaya/CVE-2019-11358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5EPSS: 11%CPEs: 13EXPL: 0CVE-2019-0222 – activemq: Corrupt MQTT frame can cause broker shutdown
https://notcve.org/view.php?id=CVE-2019-0222
28 Mar 2019 — In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. En Apache ActiveMQ, desde la versión 5.0.0 hasta la 5.15.8, la deserialización de una trama MQTT corrupta puede conducir a una excepción de bróker fuera de memoria, haciendo que no responda. AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protoc... • http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt •
CVSS: 7.5EPSS: 10%CPEs: 114EXPL: 0CVE-2018-15756 – DoS Attack via Range Requests
https://notcve.org/view.php?id=CVE-2018-15756
18 Oct 2018 — Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This ... • http://www.securityfocus.com/bid/105703 • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10270
https://notcve.org/view.php?id=CVE-2017-10270
19 Oct 2017 — Vulnerability in the Oracle Identity Manager Connector component of Oracle Fusion Middleware (subcomponent: Microsoft Active Directory). The supported version that is affected is 9.1.1.5.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Identity Manager Connector executes to compromise Oracle Identity Manager Connector. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Id... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •