455 matches found
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses logback-core which is vulnerable to CVE-2025-11226
Summary IBM Maximo Application Suite - Visual Inspection component uses logback-core which is vulnerable to CVE-2025-11226. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in logback-core-1.3.15.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in logback-core-1.3.15.jar Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows...
openSUSE Security Advisory (SUSE-SU-2026:0361-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : logback (SUSE-SU-2026:0361-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0361-1 advisory. - CVE-2026-1225: ACE vulnerability in configuration file bsc1257094 Tenable has extracted the preceding description block directly from the SUSE security...
Security update for logback
This update for logback fixes the following issues: CVE-2026-1225: ACE vulnerability in configuration file bsc1257094 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command liste...
SUSE-SU-2026:0361-1 Security update for logback
This update for logback fixes the following issues: - CVE-2026-1225: ACE vulnerability in configuration file bsc1257094...
Security Bulletin: Arbitrary Code Execution in Logback-Core via Conditional Configuration Processing, affects watsonx.data
Summary QOS.CH logback-core up to and including version 1.5.18 is vulnerable to arbitrary code execution due to unsafe conditional configuration file processing. An attacker with existing privileges can exploit this by modifying an existing Logback configuration file or injecting a malicious...
logback-1.2.13-2.1 on GA media (moderate)
logback-1.2.13-2.1 on GA media Announcement ID: openSUSE-SU-2026:10114-1 Rating: moderate Cross-References: CVE-2026-1225 CVSS scores: CVE-2026-1225 SUSE : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...
OPENSUSE-SU-2026:10114-1 logback-1.2.13-2.1 on GA media
These are all security issues fixed in the logback-1.2.13-2.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2026-1225
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
External Initialization of Trusted Variables or Data Stores
Overview ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores during the configuration file processing. An attacker can instantiate arbitrary classes already present on the class path ...
Logback allows an attacker to instantiate classes already present on the class path
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
GHSA-QQPG-MVQG-649V Logback allows an attacker to instantiate classes already present on the class path
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
CVE-2026-1225
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
CVE-2026-1225
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
UBUNTU-CVE-2026-1225
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
CVE-2026-1225
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
CVE-2026-1225 Malicious logback.xml configuration file allows instantiation of arbitrary classes
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
EUVD-2026-4130
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
CVE-2026-1225
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...