QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
9.8 CVSS
9.2 AI Score
0.017 EPSS
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing the execution of arbitrary code loaded from LDAP servers.
6.6 CVSS
6.9 AI Score
0.016 EPSS
A serialization vulnerability in the logback receiver component, part of logback version 1.4.11, allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
7.5 CVSS
7.2 AI Score
0.0005 EPSS
A serialization vulnerability in the logback receiver component, part of logback version 1.4.13, 1.3.13 and 1.2.12, allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
7.5 CVSS
7.2 AI Score
0.0005 EPSS