CVE-2022-22965
- EPSS 94.44%
- Published 01.04.2022 23:15:13
- Last modified 10.04.2025 16:56:46
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Sp...
- EPSS 94.34%
- Published 14.12.2021 19:15:07
- Last modified 12.03.2025 19:52:00
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a n...
- EPSS 94.36%
- Published 10.12.2021 10:15:09
- Last modified 08.08.2025 18:52:00
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An atta...
- EPSS 4.58%
- Published 14.09.2021 11:15:24
- Last modified 21.11.2024 06:06:26
A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Con...