Lucene search
K

88 matches found

Mageia
Mageia
added 2020/05/27 9:52 a.m.48 views

Updated log4net packages fix security vulnerability

Updated log4net packages fix security vulnerability This patch fixes a security vulnerability reported by Karthik Balasundaram. The security vulnerability was found in the way how log4net parses xml configuration files where it allowed to process XML External Entity Processing. An attacker could...

9.8CVSS6.9AI score0.17823EPSS
Exploits0References3
OSV
OSV
added 2020/05/27 9:52 a.m.11 views

MGASA-2020-0233 Updated log4net packages fix security vulnerability

Updated log4net packages fix security vulnerability This patch fixes a security vulnerability reported by Karthik Balasundaram. The security vulnerability was found in the way how log4net parses xml configuration files where it allowed to process XML External Entity Processing. An attacker could...

9.8CVSS6.9AI score0.17823EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/05/26 12:0 a.m.34 views

Fedora 30 : log4net (2020-cfc319e067)

Security fix for CVE-2018-1285 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...

9.8CVSS7.2AI score0.17823EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/05/26 12:0 a.m.37 views

Fedora 31 : log4net (2020-847775bf79)

Security fix for CVE-2018-1285 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...

9.8CVSS7.2AI score0.17823EPSS
Exploits0References2
Fedora
Fedora
added 2020/05/24 4:2 a.m.46 views

[SECURITY] Fedora 30 Update: log4net-2.0.8-10.fc30

log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET runtime...

9.8CVSS1.1AI score0.17823EPSS
Exploits0
Fedora
Fedora
added 2020/05/24 3:29 a.m.57 views

[SECURITY] Fedora 32 Update: log4net-2.0.8-10.fc32

log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET runtime...

9.8CVSS1.1AI score0.17823EPSS
Exploits0
Fedora
Fedora
added 2020/05/24 3:16 a.m.68 views

[SECURITY] Fedora 31 Update: log4net-2.0.8-10.fc31

log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET runtime...

9.8CVSS1.1AI score0.17823EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/05/18 12:0 a.m.23 views

Debian DLA-2211-1 : log4net security update

It was discovered that there was an XML external entity vulnerability in log4net, a logging API for the ECMA Common Language Infrastructure CLI, sometimes referred to as 'Mono'. This type of attack occurs when XML input containing a reference to an internet-faced entity is processed by a weakly...

5.4AI score
Exploits0References2
OpenVAS
OpenVAS
added 2020/05/16 12:0 a.m.12 views

Debian: Security Advisory (DLA-2211-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.17823EPSS
Exploits0References3
Debian
Debian
added 2020/05/15 12:5 p.m.56 views

[SECURITY] [DLA 2211-1] log4net security update

Package : log4net Version : 1.2.10+dfsg-6+deb8u1 It was discovered that there was an XML external entity vulnerability in log4net, a logging API for the ECMA Common Language Infrastructure CLI, sometimes referred to as "Mono". This type of attack occurs when XML input containing a reference to an...

7AI score
Exploits0
OSV
OSV
added 2020/05/15 12:0 a.m.60 views

DLA-2211-1 log4net - security update

Bulletin has no description...

9.8CVSS7.2AI score0.17823EPSS
Exploits0
CNVD
CNVD
added 2020/05/12 12:0 a.m.2 views

Apache log4net XXE Vulnerability

Apache log4net is the United States Apache Apache Software Foundation, a logging output tool. A security vulnerability exists in the parsing of log4net configuration files in Apache log4net versions prior to 2.0.8. An attacker can exploit this vulnerability to force the system to accept arbitrary...

9.8CVSS9.3AI score0.17823EPSS
Exploits0References1
NVD
NVD
added 2020/05/11 5:15 p.m.28 views

CVE-2018-1285

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...

9.8CVSS7.3AI score0.17823EPSS
Exploits0References17
OSV
OSV
added 2020/05/11 5:15 p.m.14 views

CVE-2018-1285

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...

9.8CVSS9.4AI score
Exploits0References17
OSV
OSV
added 2020/05/11 5:15 p.m.3 views

DEBIAN-CVE-2018-1285

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...

9.8CVSS7.1AI score0.17823EPSS
Exploits0References1
Prion
Prion
added 2020/05/11 5:15 p.m.22 views

Cross site scripting

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...

7.5CVSS7.1AI score0.17823EPSS
Exploits0References17Affected Software5
UbuntuCve
UbuntuCve
added 2020/05/11 5:15 p.m.50 views

CVE-2018-1285

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...

9.8CVSS7AI score0.17823EPSS
Exploits0References5
OSV
OSV
added 2020/05/11 5:15 p.m.3 views

UBUNTU-CVE-2018-1285

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...

9.8CVSS6.9AI score0.17823EPSS
Exploits0References6
CVE
CVE
added 2020/05/11 4:41 p.m.365 views

CVE-2018-1285

CVE-2018-1285 affects Apache log4net up to version 2.0.9 (pre-2.0.10), where XML External Entity (XXE) processing is not disabled when parsing log4net configuration files, enabling XXE-based attacks in apps that accept attacker-controlled config. The connected IBM security bulletin confirms the v...

9.8CVSS7.1AI score0.17823EPSS
Exploits0References17Affected Software1
Debian CVE
Debian CVE
added 2020/05/11 4:41 p.m.109 views

CVE-2018-1285

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...

9.8CVSS7.4AI score0.17823EPSS
Exploits0
Rows per page
Query Builder