Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/04/13 5:23 p.m.4 views

CVE-2026-40023

A flaw was found in Apache Log4cxx. An attacker who can influence logged data can exploit this by injecting characters forbidden by the XML 1.0 specification a standard for encoding documents into log messages, Network Device Configuration NDC, and Mapped Diagnostic Context MDC property keys and...

6.3CVSS5.7AI score0.00499EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.11 views

SUSE CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

8.1CVSS7.3AI score0.99977EPSS
Exploits39References5
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.5 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits350References8
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.7 views

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

5.9CVSS7.3AI score0.99999EPSS
Exploits20References7
RedHat Linux
RedHat Linux
added 2022/04/11 12:59 p.m.7 views

log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...

5.9CVSS7.3AI score0.99999EPSS
Exploits20References7
RedHat Linux
RedHat Linux
added 2022/04/11 12:59 p.m.8 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits350References8
GithubExploit
GithubExploit
added 2021/12/15 4:28 p.m.452 views

Exploit for Expression Language Injection in Apache Log4J

tejas-nagchandi/CVE-2021-45046 Attack !imagehttps://use...

10CVSS10AI score0.99999EPSS
Exploits350
OSV
OSV
added 2021/12/14 7:15 p.m.7 views

DEBIAN-CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

9CVSS8.1AI score0.99977EPSS
Exploits39References1
Rows per page
Query Builder