74 matches found
[SECURITY] Fedora 44 Update: log4cxx-1.7.0-2.fc44
Log4cxx is a popular logging package written in C++. One of its distinctive features is the notion of inheritance in loggers. Using a logger hierarchy it is possible to control which log statements are output at arbitrary granularity. This helps reduce the volume of logged output and minimize the...
Updated log4cxx packages fix security vulnerability
CVE-2026-40023, Apache Log4cxx, Apache Log4cxx Conan, Apache Log4cxx Brew: Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters...
MGASA-2026-0218 Updated log4cxx packages fix security vulnerability
CVE-2026-40023, Apache Log4cxx, Apache Log4cxx Conan, Apache Log4cxx Brew: Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters...
OSV-2026-853 Stack-buffer-overflow in log4cxx::helpers::Transcoder::decode
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519671967 Crash type: Stack-buffer-overflow READ 1 Crash state: log4cxx::helpers::Transcoder::decode TranscoderFuzzer.cpp CentipedeRunnerMain...
PT-2026-49158
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519671967 Crash type: Stack-buffer-overflow READ 1 Crash state: log4cxx::helpers::Transcoder::decode TranscoderFuzzer.cpp CentipedeRunnerMain...
openSUSE 16 Security Update : log4cxx (openSUSE-SU-2026:20705-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20705-1 advisory. Changes in log4cxx: - update to 1.7.0 bsc1261994, CVE-2026-40023: Non-ascii characters incorrectly encoded in JSON output 615 XML output could contain...
OPENSUSE-SU-2026:20705-1 Security update for log4cxx
This update for log4cxx fixes the following issues: Changes in log4cxx: - update to 1.7.0 bsc1261994, CVE-2026-40023: Non-ascii characters incorrectly encoded in JSON output 615 XML output could contain characters not allowed by the XML 1.0 specification An XML configuration file with recursive...
liblog4cxx-devel-1.7.0-2.1 on GA media (moderate)
liblog4cxx-devel-1.7.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10566-1 Rating: moderate Cross-References: CVE-2026-40023 CVSS scores: CVE-2026-40023 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2026-40023 SUSE : 6.3...
CVE-2026-40023
A flaw was found in Apache Log4cxx. An attacker who can influence logged data can exploit this by injecting characters forbidden by the XML 1.0 specification a standard for encoding documents into log messages, Network Device Configuration NDC, and Mapped Diagnostic Context MDC property keys and...
Linux Distros Unpatched Vulnerability : CVE-2026-40023
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters...
EUVD-2026-21490
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...
DEBIAN-CVE-2026-40023
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...
CVE-2026-40023
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...
CVE-2026-40023
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...
UBUNTU-CVE-2026-40023
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...
CVE-2026-40023
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...
CVE-2026-40023 Apache Log4cxx, Apache Log4cxx (Conan), Apache Log4cxx (Brew): Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...
CVE-2026-40023
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...
CVE-2026-40023
CVE-2026-40023 concerns Apache Log4cxx XMLLayout (pre-1.7.0) that fails to sanitize XML 1.0 forbidden characters in log messages, NDC, and MDC keys/values, producing invalid XML. Conforming parsers may reject such documents, potentially dropping or failing to index affected records and impairing ...
Apache Log4cxx 安全漏洞
Apache Log4cxx is a C++ logging framework developed by the Apache Foundation, based on the Apache log4j framework. Versions of Apache Log4cxx prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from XMLLayout not clearing characters prohibited by the XML 1.0...