
27 matches found

Tenable Nessus
added 2026/05/22 12:0 a.m. · 5 views

Unity Linux 20.1060e / 20.1070e Security Update: logback (UTSA-2026-016687)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016687 advisory. In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing to...

CVSS 8.5 · AI score 6.2 · EPSS 0.02729
Exploits 1 · References 4

IBM Security Bulletins
added 2026/02/05 8:20 p.m. · 4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in logback-core-1.3.15.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in logback-core-1.3.15.jar Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows...

CVSS 5.9 · AI score 6.2 · EPSS 0.00062
Exploits 0 · Affected Software 1

OSV
added 2026/01/22 12:31 p.m. · 1 view

GHSA-QQPG-MVQG-649V Logback allows an attacker to instantiate classes already present on the class path

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

CVSS 1.8 · AI score 5.8 · EPSS 0.00014
Exploits 0 · References 5

EUVD
added 2026/01/22 9:24 a.m. · 2 views

EUVD-2026-4130

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

CVSS 1.8 · AI score 5.5 · EPSS 0.00014
Exploits 0 · References 5

GitLab Advisory Database
added 2026/01/22 12:0 a.m. · 6 views

Logback allows an attacker to instantiate classes already present on the class path

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

CVSS 1.8 · AI score 5.6 · EPSS 0.00014
Exploits 0 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-2454

Malware in sbrugna...

CVSS 8.5 · AI score 6.7 · EPSS 0.02729
Exploits 1 · References 19

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-3561

Malicious code in bioql PyPI...

CVSS 2.4 · AI score 6.1 · EPSS 0.00064
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-27691

Malicious code in bioql PyPI...

CVSS 4.9 · AI score 5.3 · EPSS 0.00311
Exploits 0 · References 2

CNNVD
added 2025/10/01 12:0 a.m. · 1 view

Quality Open Software Logback security vulnerability

Quality Open Software Logback is a logging framework for Java applications from Quality Open Software, Switzerland. A security vulnerability exists in Quality Open Software Logback version 1.5.18 and earlier, which stems from improper handling of conditional configuration files and could lead to...

CVSS 5.9 · AI score 6.6 · EPSS 0.00062
Exploits 0 · References 1

OSV
added 2025/07/02 6:53 p.m. · 5 views

USN-7616-1 logback vulnerabilities

It was discovered that logback could read malicious configuration files from LDAP servers. An attacker with the required permissions could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-42550 It was...

CVSS 8.5 · AI score 7.1 · EPSS 0.02729
Exploits 1 · References 3

IBM Security Bulletins
added 2025/03/04 2:45 p.m. · 13 views

Security Bulletin: Vulnerability in logback affects IBM Storage Insights

Summary logback is vulnerable to forging requests and arbitrary code execution. These vulnerabilities affect IBM Storage Insights. Vulnerability Details CVEID:CVE-2024-12801 DESCRIPTION: Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 ...

CVSS 5.9 · AI score 7.2 · EPSS 0.00169
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/02/20 6:0 a.m. · 15 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798 logback-classic-1.5.12.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-12798

Summary Security Bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798 logback-classic-1.5.12.jar Publicly disclosed vulnerability found by Mend CVE-2024-12798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerabilit...

CVSS 5.9 · AI score 6.9 · EPSS 0.00169
Exploits 0 · Affected Software 1

Cvelist
added 2024/12/19 4:11 p.m. · 14 views

CVE-2024-12801 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of DOCTYPE declaration in XML...

CVSS 2.4 · EPSS 0.00064
Exploits 0 · References 2

Vulnrichment
added 2024/12/19 4:11 p.m. · 16 views

CVE-2024-12801 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of DOCTYPE declaration in XML...

CVSS 2.4 · AI score 6.3 · EPSS 0.00064
Exploits 0 · References 2

IBM Security Bulletins
added 2024/11/13 10:4 a.m. · 48 views

Security Bulletin: vulnerability in Logback affects IBM Workload Scheduler.

Summary IBM Workload Scheduler is affected by a vulnerability in Logback that can cause denial of service CVE-2023-6378 Vulnerability Details CVEID:CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the receiver component. By...

CVSS 7.5 · AI score 6.5 · EPSS 0.0063
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2024/09/05 6:3 p.m. · 21 views

Security Bulletin: Vulnerability in QOS.ch Sarl Logback affects watsonx.data

Summary A serialization vulnerability in logback receiver component part of QOS.ch Sarl Logback allows an attacker to mount a Denial-Of-Service attack to watsonx.data by sending poisoned data. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of...

CVSS 7.5 · AI score 7.2 · EPSS 0.00224
Exploits 0 · Affected Software 1

OSV
added 2023/12/04 9:15 a.m. · 4 views

CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

CVSS 7.5 · AI score 7.3
Exploits 0 · References 2

Positive Technologies
added 2023/12/04 12:0 a.m. · 1 view

PT-2023-32684 · Atlassian · Confluence +2

Name of the Vulnerable Software and Affected Versions: logback versions 1.2.12 through 1.4.13 Bitbucket Data Center and Server versions 7.21.0 through 8.16.0 Confluence Data Center and Server versions 6.0.1 through 8.7.1 Description: A serialization vulnerability in the logback receiver component...

CVSS 7.5 · AI score 6.5 · EPSS 0.00224
Exploits 0 · References 19

Positive Technologies
added 2023/11/29 12:0 a.m. · 1 view

PT-2023-7936

Name of the Vulnerable Software and Affected Versions: logback version 1.4.11 Confluence Data Center and Server versions from 6.0.1 to 8.7.1 Confluence Data Center and Server versions from 8.7.0 to 8.7.1 Confluence Data Center versions from 8.6.0 to 8.6.2 Confluence Data Center versions from 8.5....

CVSS 8.5 · AI score 7.2 · EPSS 0.02729
Exploits 1 · References 40

IBM Security Bulletins
added 2023/01/12 9:59 p.m. · 31 views

Security Bulletin: A vulnerability in logback-classic affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-42550)

Summary Security Bulletin: A vulnerability in logback-classic affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2021-42550. Please see below for details on how to remediate this issue. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback could allow a remote...

CVSS 6.6 · AI score 6.9 · EPSS 0.02729
Exploits 1 · Affected Software 1