46 matches found
ROOT-APP-MAVEN-CVE-2026-34479 CVE-2026-34479 in io.root.org.apache.logging.log4j:log4j-1.2-api - Patched by Root
Root has patched CVE-2026-34479 in the io.root.org.apache.logging.log4j:log4j-1.2-api package for Root:Maven. Multiple fixed versions available...
Astra Linux - vulnerability in apache-log4j1.2
CVE-2020-9493 identified a deserialization issue present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, and the same issue still exists there...
Astra Linux - vulnerability in apache-log4j1.2
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter, where the values to be inserted are converted using PatternLayout. The message converter %m is likely to always be included. This allows attackers to manipulate SQL statements by entering crafted...
EUVD-2022-0575
Malicious code in bioql PyPI...
TencentOS Server 3: parfait:0.5 (TSSA-2022:0006)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0006 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
GLSA-202312-04 : Arduino: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202312-04 Arduino: Remote Code Execution - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...
GLSA-202312-02 : Minecraft Server: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202312-02 Minecraft Server: Remote Code Execution - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingNa...
Ubuntu 16.04 ESM : Apache Log4j 1.2 vulnerability (USN-5223-2)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5223-2 advisory. USN-5223-1 fixed a vulnerability in Apache Log4j 1.2. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding...
OESA-2022-2065 log4j12 security update
With log4j it is possible to enable logging at runtime without modifying the application binary. Security Fixes: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...
Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite may be vulnerable to arbitrary code execution due to Apache Log4j 1.2 (CVE-2021-4104)
Summary A vulnerability in Apache Log4j 1.2 CVE-2021-4104 may affect IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite, which utilize log4j for its logging functionality. Although no known vulnerability impact has been proven, it is strongly...
OESA-2022-1781 log4j12 security update
With log4j it is possible to enable logging at runtime without modifying the application binary. Security Fixes: By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converte...
Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-45046)
Summary Based on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-45105, CVE-2021-45046. However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are use...
EulerOS 2.0 SP5 : log4j (EulerOS-SA-2022-1276)
According to the versions of the log4j package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to SQL injection due to Apache Log4j (CVE-2022-23305)
Summary Apache Log4j is used by IBM Sterling Connect:Direct Web Services as part of its logging infrastructure. JDBCAppender in Apache Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The fix includes Apache Log4j...
OESA-2022-1513 log4j12 security update
With log4j it is possible to enable logging at runtime without modifying the application binary. Security Fixes: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...
Security Bulletin: IBM UrbanCode Release is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary IBM UrbanCode Release is impacted by CVE-2021-44228 through the use of Apache log4j-1.2 which is part of the logging infrastructure. A logging configuration change can exploit the weakness resulting in unauthorized access to the administrative functions within Settings. An iFix has been...
USN-5223-2 apache-log4j1.2 vulnerability
USN-5223-1 fixed a vulnerability in Apache Log4j 1.2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of untrusted data if the configuration file was editable. An attacker coul...
[SECURITY] [DLA 2905-1] apache-log4j1.2 security update
Debian LTS Advisory DLA-2905-1 https://www.debian.org/lts/security/ Markus Koschany January 31, 2022 https://wiki.debian.org/LTS Package : apache-log4j1.2 Version : 1.2.17-7+deb9u2 CVE ID : CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 Debian Bug : 1004482...
Debian DLA-2905-1 : apache-log4j1.2 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2905 advisory. - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provi...
SUSE SLED15 / SLES15 Security Update : log4j12 (SUSE-SU-2022:0226-1)
The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0226-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write acce...