Lucene search
K

238 matches found

UbuntuCve
UbuntuCve
added 2025/12/18 9:15 p.m.5 views

CVE-2025-68161

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...

6.3CVSS6.7AI score0.00743EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2025/12/18 8:47 p.m.6 views

CVE-2025-68161

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...

6.3CVSS6.1AI score0.00743EPSS
Exploits1
Cvelist
Cvelist
added 2025/12/18 8:47 p.m.21 views

CVE-2025-68161 Apache Log4j Core: Missing TLS hostname verification in Socket appender

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...

6.3CVSS0.00743EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/18 8:47 p.m.5 views

CVE-2025-68161 Apache Log4j Core: Missing TLS hostname verification in Socket appender

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...

6.3CVSS6.4AI score0.00743EPSS
Exploits1References6
CVE
CVE
added 2025/12/18 8:47 p.m.301 views

CVE-2025-68161

CVE-2025-68161 affects Apache Log4j Core Socket Appender (versions 2.0-beta9–2.25.2). Root cause: TLS hostname verification is not performed for peer certificates when configured via verifyHostName or the log4j2.sslVerifyHostName setting. Impact: potential MITM interception/redirection of log tra...

6.3CVSS6.4AI score0.00743EPSS
Exploits1References8Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.5 views

PT-2025-52349

Name of the Vulnerable Software and Affected Versions Apache Log4j Core versions 2.0-beta9 through 2.25.2 Description The Socket Appender in Apache Log4j Core does not verify the hostname of the peer certificate during TLS connections, even when configured to do so. This could allow a...

6.3CVSS6.4AI score0.00743EPSS
Exploits1References294
Redos
Redos
added 2025/11/05 12:0 a.m.4 views

ROS-20251105-03

A vulnerability in the Apache Log4cxx C++ logging framework is related to insufficient cleanup of the user-supplied data when using an ODBC appender to send log messages to a database. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL queries in th...

8.8CVSS7.2AI score0.01597EPSS
Exploits1
Redos
Redos
added 2025/11/05 12:0 a.m.11 views

ROS-20251105-01

A vulnerability in the Apache Log4cxx C++ logging framework is related to the fact that when using the HTMLLayout, logger names are not properly escaped when written to an HTML file. Exploitation of the vulnerability could allow an attacker acting remotely to obtain sensitive data A vulnerability...

7.8CVSS7.2AI score0.0788EPSS
Exploits3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-35375

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01597EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-44832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

8.5CVSS7.7AI score0.97906EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-31038

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection...

8.8CVSS7.2AI score0.01597EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/02/14 6:28 a.m.3 views

SUSE CVE-2023-31038

SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0released 2003-08-06 Note that Log4cxx is a C++ framework, so only C++ applications a...

8.8CVSS8.8AI score0.01597EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/11/25 12:12 a.m.3 views

log4j1-socketappender: DoS via hashmap logging

A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...

7.5CVSS7AI score0.01905EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/11/25 12:12 a.m.1 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

9.8CVSS7AI score0.66537EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.9 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

9.8CVSS7AI score0.66537EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.3 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.38 views

RHEL 6 : log4j (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - log4j: Socket receiver deserialization vulnerability CVE-2017-5645 - Improper validation of certificate...

7.2AI score0.8904EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2024/02/18 12:0 a.m.41 views

GLSA-202402-16 : Apache Log4j: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202402-16 Apache Log4j: Multiple Vulnerabilities - Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with ...

9.8CVSS8.7AI score0.6906EPSS
Exploits4References7
ATTACKERKB
ATTACKERKB
added 2023/12/01 6:15 a.m.4 views

CVE-2023-45253

An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library...

7.8CVSS7.1AI score0.00316EPSS
Exploits2References2
OSV
OSV
added 2023/12/01 6:15 a.m.4 views

CVE-2023-45253

An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library...

7.8CVSS5.8AI score0.00316EPSS
Exploits2References1
Rows per page
Query Builder