Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache chainsaw vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-9493
A deserialization flaw was found in Apache Chainsaw versions before 2.1.0 which could lead to malicious code execution.
Apache Chainsaw
Apache Log4j
Qos Reload4j
7.5
CVSSv3
CVE-2023-26464
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component...
Apache Log4j
8.8
CVSSv3
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Apache Chainsaw
Apache Log4j
Qos Reload4j
Oracle Advanced Supply Chain Planning 12.1
Oracle Advanced Supply Chain Planning 12.2
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
Oracle Communications Instant Messaging Server 10.0.1.5.0
1 Github repository
1 Article
8.8
CVSSv3
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBi...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Advanced Supply Chain Planning 12.1
Oracle Advanced Supply Chain Planning 12.2
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
2 Articles
9.8
CVSSv3
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows malicious users to manipulate the SQL by ent...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Advanced Supply Chain Planning 12.1
Oracle Advanced Supply Chain Planning 12.2
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
2 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-44852
CVE-2024-3400
CVE-2024-30129
insecure direct object reference
CVE-2024-12115
CVE-2024-11220
CVE-2024-51378
privilege escalation
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started