13 matches found

OSV
added 2026/06/12 12:0 a.m. | 6 views

OPENSUSE-SU-2026:11016-1 logback-1.5.34-2.1 on GA media

These are all security issues fixed in the logback-1.5.34-2.1 package on the GA media of openSUSE Tumbleweed...

6.3 CVSS | 5.3 AI score | 0.0037 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/06/01 12:0 a.m. | 15 views

PT-2026-45408

Name of the Vulnerable Software and Affected Versions: logback-core versions prior to 1.5.34. Description: Deserialization of untrusted data in the HardenedObjectInputStream module allows for Object Injection, although the impact is heavily restricted. An attacker capable of influencing serialized...

6.3 CVSS | 6.1 AI score | 0.00342 EPSS
Exploits 0 | References 11
OPENSUSE Linux
added 2026/01/31 12:0 a.m. | 4 views

logback-1.2.13-2.1 on GA media (moderate)

logback-1.2.13-2.1 on GA media. Announcement ID: openSUSE-SU-2026:10114-1. Rating: moderate. Cross-References: CVE-2026-1225. CVSS scores: CVE-2026-1225 SUSE: 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H. Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be...

6.4 CVSS | 5.9 AI score | 0.00151 EPSS
Exploits 0
CNNVD
added 2025/10/01 12:0 a.m. | 2 views

Quality Open Software Logback security vulnerability

Quality Open Software Logback is a logging framework for Java applications from Quality Open Software, Switzerland. A security vulnerability exists in Quality Open Software Logback version 1.5.18 and earlier, which stems from improper handling of conditional configuration files and could lead to...

5.9 CVSS | 6.6 AI score | 0.00151 EPSS
Exploits 0 | References 1
NVD
added 2024/12/19 5:15 p.m. | 11 views

CVE-2024-12801

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of DOCTYPE declaration in XML...

2.4 CVSS | 0.00221 EPSS
Exploits 0 | References 2
CVE
added 2024/12/19 4:11 p.m. | 3926 views

CVE-2024-12801

CVE-2024-12801 describes a Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback up to 1.5.12 on the Java platform, enabling forging requests via compromised XML configuration via modification of the DOCTYPE declaration. The connected IBM Security Bulletin for this CVE lists af...

2.4 CVSS | 6.3 AI score | 0.00221 EPSS
Exploits 0 | References 2
Debian CVE
added 2023/12/04 8:35 a.m. | 76 views

CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.5 CVSS | 6.7 AI score | 0.00682 EPSS
Exploits 0
vulnersOsv
added 2023/11/29 12:30 p.m. | 8 views

ai.tock:bot-test (=22.3.2), ai.tock:bot-test-base (=22.3.2) +347 more potentially affected by CVE-2023-6378 via ch.qos.logback:logback-classic (>=1.3.0 <=1.3.11)

ch.qos.logback:logback-classic MAVEN version =1.3.0, =1.3.11 is affected by a known vulnerability. The following packages have a transitive dependency on ch.qos.logback:logback-classic and may be impacted: - ai.tock:bot-test =22.3.2 - ai.tock:bot-test-base =22.3.2 - ai.tock:bot-toolkit =22.3.2 -...

7.5 CVSS | 6.7 AI score | 0.009 EPSS
Exploits 0
NVD
added 2023/11/29 12:15 p.m. | 25 views

CVE-2023-6378

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.5 CVSS | 0.009 EPSS
Exploits 0 | References 2
OSV
added 2023/11/29 12:15 p.m. | 9 views

CVE-2023-6378

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.5 CVSS | 7.2 AI score
Exploits 0 | References 2
Prion
added 2023/11/29 12:15 p.m. | 30 views

Design/Logic Flaw

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

5 CVSS | 6.7 AI score | 0.009 EPSS
Exploits 0 | References 1 | Affected Software 1
F5 Networks
added 2023/02/21 6:53 p.m. | 49 views

K97521840: logback vulnerability CVE-2021-42550

Security Advisory Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. CVE-2021-42550. Impact: There is no impact; F5 products...

8.5 CVSS | 7.5 AI score | 0.04439 EPSS
Exploits 1
OSV
added 2021/12/17 8:40 a.m. | 11 views

OPENSUSE-SU-2021:4109-1 Security update for logback

This update for logback fixes the following issues:
Upgrade to version 1.2.8
+ In response to log4Shell/CVE-2021-44228, all JNDI lookup code in logback has been disabled until further notice. This impacts ContextJNDISelector and insertFromJNDI element in configuration files.
+ Also in response to...

10 CVSS | 10 AI score | 0.99999 EPSS
Exploits 346 | References 3