CVE-2019-17571
- EPSS 53.46%
- Veröffentlicht 20.12.2019 17:15:11
- Zuletzt bearbeitet 21.11.2024 04:32:33
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic fo...
CVE-2019-2904
- EPSS 21.04%
- Veröffentlicht 16.10.2019 18:15:27
- Zuletzt bearbeitet 21.11.2024 04:41:46
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacke...
CVE-2017-5645
- EPSS 94.01%
- Veröffentlicht 17.04.2017 21:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.