88 matches found
EUVD-2023-49559
Malicious code in bioql PyPI...
EUVD-2022-3735
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-1285
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in...
MAL-2025-6887 Malicious code in log4net (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a2c71f77b101535649693701491e46504cc3c34a5d35b7fa696e435f25916f2a The OpenSSF Package Analysis project identified 'log4net' @ 4.0.1 npm as malicious. It is considered malicious because: - The package communicat...
Malicious code in log4net (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a2c71f77b101535649693701491e46504cc3c34a5d35b7fa696e435f25916f2a The OpenSSF Package Analysis project identified 'log4net' @ 4.0.1 npm as malicious. It is considered malicious because: - The package communicat...
OPENSUSE-SU-2024:12311-1 log4net-1.2.10-78.1 on GA media
These are all security issues fixed in the log4net-1.2.10-78.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10072-1 log4net-1.2.10-75.6 on GA media
These are all security issues fixed in the log4net-1.2.10-75.6 package on the GA media of openSUSE Tumbleweed...
CVE-2023-45253
An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library...
CVE-2023-45253
An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library...
Design/Logic Flaw
An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library...
CVE-2023-45253
An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library...
CVE-2023-45253
An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library...
CVE-2023-45253
CVE-2023-45253 affects Huddly HuddlyCameraService prior to version 8.0.7 (excluding 7.99). The Red Hat entries describe a related DLL Hijacking weakness in the same product line, with write-privilege directory installation enabling file manipulation and potential privilege escalation. For CVE-202...
Advisory ROSA-SA-2023-2169
software: log4net 1.2.15 OS: ROSA-CHROME packageevrstring: log4net-1.2.15-6.src.rpm CVE-ID: CVE-2018-1285 BDU-ID: 2021-01050 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the logging library to the .NET Framework log4net platform is related to XML external object XXE link restriction errors...
SUSE CVE-2006-0743
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service memory corruption and termination via unknown vectors...
SUSE CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...
K48127735: Apache log4net Vulnerability CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. CVE-2018-1285 Impact There is no impact; F5 products are not affected...
Dotnetnuke 6.0.x < 9.11.0 Multiple Vulnerabilities (09.11.00)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 9.11.0. It is, therefore, affected by multiple vulnerabilities. - A third-party dependency, Moment.js, published security updates to their library. Fixes for the Issue DNN Platfor...
GHSA-F9FR-W54Q-772H Apache log4net format string vulnerability causes DoS
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service memory corruption and termination via unknown vectors...
Apache log4net format string vulnerability causes DoS
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service memory corruption and termination via unknown vectors...