19 matches found
EUVD-2021-30887
Malicious code in bioql PyPI...
K48127735: Apache log4net Vulnerability CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. CVE-2018-1285 Impact There is no impact; F5 products are not affected...
Oracle Application Testing Suite (Apr 2022 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by a vulnerability as referenced in the April 2022 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apache log4ne...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has remedied vulnerabilities in the following Enterprise Manager products: Enterprise Manager Base Platform Enterprise Manager for Peoplesoft Application Testing Suite Enterprise Manager Ops Center Enterprise Manager for Storage Management The vulnerabilities allow a malicious person to...
CVE-2021-44028
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285...
Design/Logic Flaw
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285...
CVE-2021-44028
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285...
Fedora: Security Advisory for log4net (FEDORA-2020-73d380e9b9)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 31 : log4net (2020-847775bf79)
Security fix for CVE-2018-1285 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
Fedora 30 : log4net (2020-cfc319e067)
Security fix for CVE-2018-1285 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
Debian: Security Advisory (DLA-2211-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-1285
creationtimestamp| type| source ---|---|--- 2020-05-11 20:59:26+00:00| seen| https://t.me/cibsecurity/11992 2025-05-22 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-142-02 2026-05-13 16:36:23+00:00| seen|...
CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...
CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...
UBUNTU-CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...
CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...
CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...
CVE-2018-1285
CVE-2018-1285 affects Apache log4net up to version 2.0.9 (pre-2.0.10), where XML External Entity (XXE) processing is not disabled when parsing log4net configuration files, enabling XXE-based attacks in apps that accept attacker-controlled config. The connected IBM security bulletin confirms the v...
CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...