Download
| Alert*
oval:org.secpod.oval:def:3300616
SUSE Security Update: Security update for log4j12 oval:org.secpod.oval:def:1601682 A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests. A flaw was found in ... oval:org.secpod.oval:def:2500519 Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely ligh ... oval:org.secpod.oval:def:506792 Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender * log4j: Unsafe deserialization flaw in Chainsaw log viewer * log4j: Remote code execution in Log4j 1.x ... oval:org.secpod.oval:def:1700847 A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests. A flaw was found in ... oval:org.secpod.oval:def:506665 Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely ligh ... oval:org.secpod.oval:def:89045914 This update for log4j fixes the following issues: - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. - CVE-2022-23305: Fixed SQL injection when application is configured to use JDBCAppender. - CVE-2022-23302: Fixed remote code execu ... oval:org.secpod.oval:def:708071 apache-log4j1.2: Java-based open-source logging tool Several security issues were fixed in Apache Log4j. oval:org.secpod.oval:def:4501099 Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely ligh ... oval:org.secpod.oval:def:506689 Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender * log4j: Unsafe deserialization flaw in Chainsaw log viewer * log4j: Remote code execution in Log4j 1.x ... oval:org.secpod.oval:def:89045977 This update for log4j fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. - CVE-2022-23302: Fix remote code execution by removing src/mai ... oval:org.secpod.oval:def:1505383 parfait [0.5.4-4] - Obsolete vulnerable versions of log4j12 when upgrading to parfait 0.5.4-4 [0.5.4-3] - Drop all code explicitly using Log4J oval:org.secpod.oval:def:89047423 This update for log4j12 fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. - CVE-2022-23302: Fix remote code execution by removing src/m ... oval:org.secpod.oval:def:89045990 This update for log4j fixes the following issues: - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. - CVE-2022-23305: Fixed SQL injection when application is configured to use JDBCAppender. - CVE-2022-23302: Fixed remote code execu ... oval:org.secpod.oval:def:1505735 [0:1.2.14-6.4.2] - Fix CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2017-5645 - [Orabug: 33868008] [0:1.2.14-6.4.1] - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 [Orabug: 33689748] oval:org.secpod.oval:def:3300464 SUSE Security Update: Security update for log4j oval:org.secpod.oval:def:89045981 This update for log4j12 fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. - CVE-2022-23302: Fix remote code execution by removing src/m ... oval:org.secpod.oval:def:1505403 [0:1.2.17-18] - Fix Unsafe deserialization flaw in Chainsaw log viewer - Fix SQL injection when application is configured to use JDBCAppender - Fix remote code execution when application is configured to use JMSSink - Resolves: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 oval:org.secpod.oval:def:205937 Security Fix: log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender log4j: Unsafe deserialization flaw in Chainsaw log viewer log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink For more details about the security issue, including ... oval:org.secpod.oval:def:96316 apache-log4j1.2: Java-based open-source logging tool Several security issues were fixed in Apache Log4j. oval:org.secpod.oval:def:97601 [CLSA-2022:1643918500] Fixed CVE-2022-23305 in log4j |