Vulnerabilities for 'Computer vision annotation tool'

2021-12-14
 
CVE-2021-45046

CWE-502
 

 
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

 
2021-12-10
 
CVE-2021-44228

CWE-502
 

 
Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

 

Vendor: Intel (1890 products)


Copyright 2024, cxsecurity.com

 
