what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

CVE-2021-4104

Status Candidate

Overview

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Related Files

Red Hat Security Advisory 2024-1090-03
Posted Mar 5, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1090-03 - An update for tcpdump is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-41043
SHA-256 | ff1e2376eaf2d61068a709bce9010b632a1f31efe796e8530e51f478f1fc7d04
Red Hat Security Advisory 2024-0769-03
Posted Feb 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0769-03 - An update for tcpdump is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-41043
SHA-256 | 326bed2745d135677bf02cdb13d16a8ff9f14d4281f006937cc3cf9070408bcc
Red Hat Security Advisory 2024-0571-03
Posted Jan 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0571-03 - An update for tcpdump is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-41043
SHA-256 | 8e3d00969bb430387dea6b983fcc3afd5dab0d6165117cb1c51ef14851d51503
Red Hat Security Advisory 2024-0410-03
Posted Jan 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0410-03 - An update for tcpdump is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-41043
SHA-256 | 64b87495c63387d74af6c0ca854488fe0fb01f45b7c8949d5a28de79840cf586
Gentoo Linux Security Advisory 202312-04
Posted Dec 22, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-4 - A vulnerability has been found in Arduino which bundled a vulnerable version of log4j. Versions greater than or equal to 1.8.19 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2021-4104
SHA-256 | e4428c05137adffbade83bd759fdfe5d40fde795984ac72eea694343c5ca0031
Gentoo Linux Security Advisory 202312-02
Posted Dec 20, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-2 - A vulnerability has been found in Minecraft Server which leads to remote code execution. Versions greater than or equal to 1.18.1 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2021-4104
SHA-256 | eed2c883b2664d05201148a078623ae24f53eec4bbf6382d0f9e73b5a2ce9dba
Gentoo Linux Security Advisory 202310-16
Posted Oct 26, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-16 - A vulnerability has been discovered in unifi where bundled log4j can facilitate a remote code execution Versions greater than or equal to 6.5.55 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2021-4104, CVE-2021-45046
SHA-256 | 5602a819c766f09b96f00fbf929733dc41ef5cd1fb0f160a5790513002ec5cc2
Gentoo Linux Security Advisory 202209-02
Posted Sep 7, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202209-2 - Multiple vulnerabilities have been discovered in IBM Spectrum Protect, the worst of which could result in arbitrary code execution. Versions less than 8.1.13.3 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-29672, CVE-2021-3711, CVE-2021-3712, CVE-2021-39048, CVE-2021-4104
SHA-256 | be748f02bbc511535db3f026a5b56af4cd94e4a83fb7d4e43682d8a39521bca2
Red Hat Security Advisory 2022-5460-01
Posted Jul 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5460-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 6.4.24 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.23 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 6.4.24 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2020-13935, CVE-2020-14384, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 6df87d181869dbcf87a1602ea54d2f3332a23657fbd2e9ba498c2e42253c51fb
Red Hat Security Advisory 2022-5458-01
Posted Jul 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5458-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 6.4.24 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.23 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 6.4.24 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2020-13935, CVE-2020-14384, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 726671f45e8f24159ecf02cbb9dd3cd41a2ca69b6081b9d72c0d83f7af324adb
Red Hat Security Advisory 2022-5459-01
Posted Jul 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5459-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 6.4.24 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.23 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 6.4.24 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2020-13935, CVE-2020-14384, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 714e1778adaa054663e9648cb7e135969d67ec15f982d9c91cf0c996548f7848
Red Hat Security Advisory 2022-1296-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1296-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 1de26c3c6ecdff823b58463236c3fe59d86abca7b36687d8db235b7714dca37d
Red Hat Security Advisory 2022-1297-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1297-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 58a7101151b88b40315fc79b2d43c72de0330ccf0217461528bae2197e6d2d95
Red Hat Security Advisory 2022-1299-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1299-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 38ef3cdf417ff2fa4436ce0f5afd1722d4b504dcfab834e960434daca0289dc1
Red Hat Security Advisory 2022-0661-01
Posted Feb 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0661-01 - This release of Red Hat Fuse 7.10.1 serves as a replacement for Red Hat Fuse 7.10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | f479c300fc79084c051684b2216b5a70471bf4d2ef7a53e18336b4968c31b24c
Red Hat Security Advisory 2022-0553-01
Posted Feb 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0553-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 44c4c4b8c1a72d5b5324954b60da383433ff42edfbb26b207d459b15c0a95854
Red Hat Security Advisory 2022-0524-01
Posted Feb 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0524-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 14 serves as a replacement for Red Hat JBoss Web Server 3.1 Service Pack 13. This release includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, web, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 0ff7b932e09b73a16e0964486be5aae3fa4248ac05f28cdb634767009bb540ac
Red Hat Security Advisory 2022-0527-01
Posted Feb 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0527-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 14 serves as a replacement for Red Hat JBoss Web Server 3.1 Service Pack 12. This release includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, web, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 1a0b4a92eddbc3c2ec7c41f030541c192ab44fdd2436397df833c99ee7c39783
Red Hat Security Advisory 2022-0507-01
Posted Feb 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0507-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This Service Pack release of Red Hat JBoss Data Virtualization 6.4.8.SP2 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.8 and Red Hat JBoss Data Virtualization 6.4.8.SP1, and mitigates the impact of the log4j CVE's referenced in this document by removing the affected classes from the patch. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, local, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2019-17571, CVE-2020-9488, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | fbe91d1bc3ed2e3fbb1fa5ff2f36ba68eca8d2c1b922285bb6706923bbca97ff
Red Hat Security Advisory 2022-0497-01
Posted Feb 10, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0497-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This Service Pack release of Red Hat JBoss Data Virtualization 6.4.8.SP1 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.8, and mitigates the impact of the log4j CVE's referenced in this document by removing the affected classes from the patch. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, local, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2019-17571, CVE-2020-9488, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 6c39fe299319c65184c9323080800c96f0b6e163fb623cde6dac60e579651689
Red Hat Security Advisory 2022-0475-01
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0475-01 - The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 6fcbe321b9c2c6ffc4458f721ac3d10377d705e783972cecdec78d04ebaaa6e6
Red Hat Security Advisory 2022-0444-03
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0444-03 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, web, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-3521, CVE-2021-3872, CVE-2021-3984, CVE-2021-4019, CVE-2021-4104, CVE-2021-4122, CVE-2021-4192, CVE-2021-4193, CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 01d61577c054fdc6811e8c973157ed1965b0a35a1a548c43587e56e55dda446a
Red Hat Security Advisory 2022-0446-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0446-02 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.10 serves as a replacement for Red Hat Single Sign-On 7.4.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, web, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 112783847f941c93219f4cc55e0e028a6ccfced5673c00180094cffce178ae04
Red Hat Security Advisory 2022-0447-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0447-02 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.5.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, web, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-3859, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 376f5022a01430e6a9c7e885b7f111bb155282c6456882c69d24bada981ec24e
Red Hat Security Advisory 2022-0448-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0448-02 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.5.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, web, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-3859, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 79a312935feba3400e3db7b1772bbacf88f857cedd4864554cf4ac8b4af7471d
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close