Tag
#java
An update for rh-maven36-log4j12 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23302: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink * CVE-2022-23305: log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender * CVE-2022-23307: log4j: Unsafe deserialization flaw in Chainsaw log viewer
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4104: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender * CVE-2022-23302: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink * CVE-2022-23305: log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppe...
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4104: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender * CVE-2022-23302: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink * CVE-2022-23305: log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender * CVE-2022-23307: log4j: Unsafe dese...
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4104: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender * CVE-2022-23302: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink * CVE-2022-23305: log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender * CVE-2022-23307: log4j: Uns...
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4104: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender * CVE-2022-23302: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink * CVE-2022-23305: log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender * CVE-2022-23307: log4j: Uns...
Release of OpenShift Serverless Client kn 1.20.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-29923: golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet * CVE-2021-38297: golang: Command-line arguments may overwrite global data * CVE-2021-39293: golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes a bug fixes, security patches and new feature enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-29923: golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4104: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender * CVE-2022-23302: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink * CVE-2022-23305: log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender * CVE-2022-23307: log4j: Unsafe deserialization flaw in Chainsaw log...
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23959: varnish: HTTP/1 request smuggling vulnerability
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23959: varnish: HTTP/1 request smuggling vulnerability