Download
| Alert*
oval:org.secpod.oval:def:2500519
Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely ligh ... oval:org.secpod.oval:def:706277 apache-log4j1.2: Java-based open-source logging tool Apache Log4j 1.2 could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:76504 Deserialization of untrusted data in JMSAppender. oval:org.secpod.oval:def:506665 Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely ligh ... oval:org.secpod.oval:def:78178 apache-log4j1.2: Java-based open-source logging tool Apache Log4j 1.2 could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:506631 Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender For more details about the security issue, including the impact, a CVSS score, acknowledgments, an ... oval:org.secpod.oval:def:4501099 Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely ligh ... oval:org.secpod.oval:def:89045828 This update for log4j fixes the following issue: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] oval:org.secpod.oval:def:76377 A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JMS Br ... oval:org.secpod.oval:def:89045824 This update for log4j fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] oval:org.secpod.oval:def:1505383 parfait [0.5.4-4] - Obsolete vulnerable versions of log4j12 when upgrading to parfait 0.5.4-4 [0.5.4-3] - Drop all code explicitly using Log4J oval:org.secpod.oval:def:1601506 It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger ... oval:org.secpod.oval:def:506638 Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender For more details about the security issue, including the impact, a CVSS score, acknowledgments, an ... oval:org.secpod.oval:def:1505354 [0:1.2.17-17] - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 oval:org.secpod.oval:def:89045841 This update for log4j fixes the following issue: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] oval:org.secpod.oval:def:76390 Deserialization of untrusted data in JMSAppender. oval:org.secpod.oval:def:89047242 This update for log4j12 fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] oval:org.secpod.oval:def:1505418 [0:1.2.14-6.4.1] - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 [Orabug: 33689748] oval:org.secpod.oval:def:205925 Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender For more details about the security issue, including the impact, a CVSS score, acknowledgments, an ... oval:org.secpod.oval:def:97596 [CLSA-2022:1642429400] Fixed CVE-2021-4104 in log4j oval:org.secpod.oval:def:1700806 A flaw was found in the Java logging library Apache Log4j in version 1.x . This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender. This flaw has been filed for Log4j 1.x, the corresponding flaw information for Log4j 2.x is available a ... |