Lucene search
K

5 matches found

UbuntuCve
UbuntuCve
added 2026/04/10 4:16 p.m.5 views

CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

7.5CVSS5.8AI score0.00535EPSS
Exploits1References7
OSV
OSV
added 2026/04/10 4:16 p.m.9 views

UBUNTU-CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

7.5CVSS5.8AI score0.00535EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/04/10 3:41 p.m.25 views

CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

6.9CVSS0.00535EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/02 10:9 p.m.10 views

@keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script

Overview P2PKH has 20 bytes just like P2SH. We protect against revealing P2PKH deposits by manually assembling the expected P2SH script in the smart contract and comparing hashes. However, we missed the case when the attacker embeds a valid P2SH inside of P2PKH as an output script. bitcoin-spv...

6AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/02 10:9 p.m.3 views

GHSA-8986-V76Q-8VR2 @keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script

Overview P2PKH has 20 bytes just like P2SH. We protect against revealing P2PKH deposits by manually assembling the expected P2SH script in the smart contract and comparing hashes. However, we missed the case when the attacker embeds a valid P2SH inside of P2PKH as an output script. bitcoin-spv...

7.5CVSS6AI score
Exploits0References4
Rows per page
Query Builder