Log4j is an open-source logging framework developed by the Apache Foundation, which is incorporated into many Java-based applications on both servers and end-user systems. A series of vulnerabilities in the popular Java-based logging library Log4j is under active exploitation by multiple threat actors. The current list of vulnerabilities and recommended fixes are listed here: CVE-2021-44228 (CVSS score: 10.0 - CRITICAL) – Apache Log4j2 JNDI features do not...
DESCRIPTION: Multiple vulnerabilities have been identified in Mozilla Thunderbird, the most severe of which could allow for arbitrary code execution. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured...
DESCRIPTION: A vulnerability has been discovered in SonicWall SMA100 Series that could allow for arbitrary file deletion. The SonicWall SMA 100 Series is a unified secure access gateway that enables organizations to provide access to any application, anytime, from anywhere, and any devices, including managed and unmanaged. Successful exploitation of this vulnerability could result in arbitrary file deletion which enables an attacker to reboot the device to factory default settings. Afterward, this could...
Description: Apache Log4j2 <=2.14.1 JNDI features used in the configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10)...