Lucene search
K

2430 matches found

RedHat Linux
RedHat Linux
added 4 days ago3 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5CVSS5.9AI score0.0086EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 6:8 a.m.4 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and ifix Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used,...

9.1CVSS5.9AI score0.01127EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 4:46 p.m.6 views

Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in log4j-core-2.17.2 (CVE-2025-68161)

Summary IBM® Db2® federated server is affected by a vulnerability in log4j-core-2.17.2 CVE-2025-68161 Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...

6.3CVSS6.3AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 10:42 a.m.7 views

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9

Summary Multiple vulnerabilities have been addressed in components used by IBM License Metric Tool Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when...

7.5CVSS5.8AI score0.0086EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/21 8:3 a.m.17 views

ROOT-APP-MAVEN-CVE-2026-34478 CVE-2026-34478 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2026-34478 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00831EPSS
Exploits0
OSV
OSV
added 2026/06/21 8:3 a.m.6 views

ROOT-APP-MAVEN-CVE-2025-68161 CVE-2025-68161 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2025-68161 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

4.8CVSS5.8AI score0.00743EPSS
Exploits1
OSV
OSV
added 2026/06/21 8:3 a.m.13 views

ROOT-APP-MAVEN-CVE-2026-34477 CVE-2026-34477 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2026-34477 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

5.9CVSS5.8AI score0.00395EPSS
Exploits0
OSV
OSV
added 2026/06/21 8:3 a.m.18 views

ROOT-APP-MAVEN-CVE-2026-34481 CVE-2026-34481 in io.root.org.apache.logging.log4j:log4j-layout-template-json - Patched by Root

Root has patched CVE-2026-34481 in the io.root.org.apache.logging.log4j:log4j-layout-template-json package for Root:Maven. Multiple fixed versions available...

5.3CVSS5.8AI score0.00555EPSS
Exploits0
OSV
OSV
added 2026/06/21 8:3 a.m.16 views

ROOT-APP-MAVEN-CVE-2026-34479 CVE-2026-34479 in io.root.org.apache.logging.log4j:log4j-1.2-api - Patched by Root

Root has patched CVE-2026-34479 in the io.root.org.apache.logging.log4j:log4j-1.2-api package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00535EPSS
Exploits1
OSV
OSV
added 2026/06/21 8:3 a.m.13 views

ROOT-APP-MAVEN-CVE-2026-34480 CVE-2026-34480 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2026-34480 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.0086EPSS
Exploits0
OSV
OSV
added 2026/06/21 7:54 a.m.8 views

ROOT-APP-MAVEN-CVE-2021-44832 CVE-2021-44832 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2021-44832 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

8.5CVSS7.6AI score0.97906EPSS
Exploits9
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.20 views

Astra Linux – Vulnerability in Apache Log4j1.2

In Log4j 1.2, the JMSAppender component is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide configurations for TopicBindingName and TopicConnectionFactoryBindingName, causing the JMSAppender to make JNDI reques...

7.5CVSS7.3AI score0.81147EPSS
Exploits9References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Apache Log4j1.2

CVE-2020-9493 identified a deserialization issue present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, and the same issue still exists there...

9CVSS7.5AI score0.52458EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Apache Log4j2

Improper validation of certificates with host mismatches in the Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack, thereby leaking any log messages sent through that appender. This issue has been fixed in Apache Log4j 2.12.3 and 2.13....

4.3CVSS6.6AI score0.08096EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Apache Log4j2

In Apache Log4j Core versions 2.0-beta9 through 2.25.2, the Socket Appender does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attribute https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostNa...

6.3CVSS6.3AI score0.00743EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in Apache Log4j2

Apache Log4j2 versions 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 have JNDI features that are used in configuration, log messages, and parameters. However, these features do not protect against attacks from controlled LDAP endpoints and other JNDI-related...

10CVSS8.1AI score0.99999EPSS
Exploits351References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 8:43 a.m.6 views

Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.1 patch 6 Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname...

9.3CVSS6.3AI score0.00831EPSS
Exploits3Affected Software1
OSV
OSV
added 2026/06/17 12:43 p.m.10 views

ROOT-APP-MAVEN-CVE-2023-26464 CVE-2023-26464 in io.root.log4j:log4j - Patched by Root

Root has patched CVE-2023-26464 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.01905EPSS
Exploits0
OSV
OSV
added 2026/06/17 12:43 p.m.7 views

ROOT-APP-MAVEN-CVE-2022-23302 CVE-2022-23302 in io.root.log4j:log4j - Patched by Root

Root has patched CVE-2022-23302 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...

8.8CVSS7.3AI score0.61785EPSS
Exploits0
OSV
OSV
added 2026/06/17 12:43 p.m.6 views

ROOT-APP-MAVEN-CVE-2022-23307 CVE-2022-23307 in io.root.log4j:log4j - Patched by Root

Root has patched CVE-2022-23307 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...

9CVSS7.3AI score0.52458EPSS
Exploits0
Rows per page
Query Builder