exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

CVE-2021-44832

Status Candidate

Overview

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

Related Files

Red Hat Security Advisory 2022-1296-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1296-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 1de26c3c6ecdff823b58463236c3fe59d86abca7b36687d8db235b7714dca37d
Red Hat Security Advisory 2022-1297-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1297-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 58a7101151b88b40315fc79b2d43c72de0330ccf0217461528bae2197e6d2d95
Red Hat Security Advisory 2022-1299-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1299-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 38ef3cdf417ff2fa4436ce0f5afd1722d4b504dcfab834e960434daca0289dc1
Red Hat Security Advisory 2022-0485-01
Posted Feb 17, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0485-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.31. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-3521, CVE-2021-44832, CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365
SHA-256 | 6f7bd6a883143556684328257cb36296db70ecbaa5b3867d62347e1a663d11ae
Red Hat Security Advisory 2022-0493-01
Posted Feb 17, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0493-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.43. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-3521, CVE-2021-44832, CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365
SHA-256 | 9e7d944ca54beda01b236743b077feee00182de5b6e1edb6db7cecabd0e71943
Red Hat Security Advisory 2022-0467-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0467-02 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.7 serves as a replacement for Red Hat AMQ Streams 1.6.6, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4178, CVE-2021-44832, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 977e85296e25b25d4e8c2b15301901fd0c28bc8574a26eb0c97b25ac5633509c
Red Hat Security Advisory 2022-0181-05
Posted Jan 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0181-05 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.54. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-14866, CVE-2020-36322, CVE-2021-44832
SHA-256 | 73d36f9fbdaf2a788f122df40acc17a5801dd1fdfc2fd2a62a7fab55f3bdda30
Red Hat Security Advisory 2022-0236-04
Posted Jan 26, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0236-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-25704, CVE-2020-36322, CVE-2021-42739, CVE-2021-44832
SHA-256 | 3e5a6bec35c6856aa056bb4ac5262b34cdac38f80ac88be73be24efc217c752c
Red Hat Security Advisory 2022-0230-03
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0230-03 - OpenShift Logging Bug Fix Release. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-27292, CVE-2021-44832
SHA-256 | 741b2c0ef0ede5f4a7576bac2fdb735f258391b34069033c7131ec21ab7a60a4
Red Hat Security Advisory 2022-0227-04
Posted Jan 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0227-04 - Openshift Logging Bug Fix Release. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-27292, CVE-2021-44832
SHA-256 | 524b9d8e7fae076a0218fa8ec49657291b2e337cf931184a67eff95ddb42d52a
Red Hat Security Advisory 2022-0225-02
Posted Jan 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0225-02 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-44832
SHA-256 | c44818445185b5b9eb10bd94b0028919fa20c198b843f36adc8b60109b6edd44
Red Hat Security Advisory 2022-0226-04
Posted Jan 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0226-04 - OpenShift Logging Bug Fix Release. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-27292, CVE-2021-44832
SHA-256 | f45a4daaac33bae7e1100a60c8fb55bb1cbe77c8aa5ef50743cb24022a7380fe
Red Hat Security Advisory 2022-0223-02
Posted Jan 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0223-02 - A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
SHA-256 | af1dffa6e0ac34a66deb47e28f78f747246b426fc1a6679d8adeeaeca095b063
Red Hat Security Advisory 2022-0222-02
Posted Jan 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0222-02 - This update of Red Hat Integration - Camel Extensions for Quarkus serves as a replacement for 2.2 GA. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
SHA-256 | 68d13130bc2f69e24bed215494e5bc7bc7e78f76f91132c976acd5299a52c762
Red Hat Security Advisory 2022-0205-02
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0205-02 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
SHA-256 | cd250dbbc8b631f4ef49a56cd288bb1c2a6242ea87976dd61585e624dd348188
Red Hat Security Advisory 2022-0083-03
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0083-03 - This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
SHA-256 | 24d4e3d0f6f554caca41028699284d0f12ccf8d2788aba8df711c0ae434e4e18
Red Hat Security Advisory 2022-0216-06
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0216-06 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
SHA-256 | 281f02999e731e669e2b47357df331e1d340b028336f73a01d9e81a5d0009985
Red Hat Security Advisory 2022-0203-03
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0203-03 - The releases of Red Hat Fuse 7.8.2, 7.9.1 and 7.10.1 serve as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot and includes security fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
SHA-256 | f8f49c5ce9654d296d93186fe4a411f91a37373917ccb904ee88d4aee08b2dd8
Red Hat Security Advisory 2022-0138-06
Posted Jan 14, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0138-06 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.0.0 serves as a replacement for Red Hat AMQ Streams 1.8.4, and includes security and bug fixes, and enhancements. Issues addressed include bypass and code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-34429, CVE-2021-37136, CVE-2021-37137, CVE-2021-38153, CVE-2021-44832
SHA-256 | 2f38e0d8dc7b220ec5d87808989b5228ca3d8752b3d04df31a78da378fe6296a
Ubuntu Security Notice USN-5222-1
Posted Jan 12, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5222-1 - It was discovered that Apache Log4j 2 was vulnerable to remote code execution attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. A remote attacker could possibly use this issue to cause a crash, leading to a denial of service. Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS.

tags | advisory, remote, denial of service, code execution
systems | linux, ubuntu
advisories | CVE-2021-44832, CVE-2021-45105
SHA-256 | ee5846a036c0891754e7ed626465c8bd6a55f3bf5eeff467765c614fef6b1fd6
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close