Search CVE reports


Toggle filters

11 – 13 of 13 results


CVE-2021-44228

High priority
Fixed

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other...

1 affected package

apache-log4j2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache-log4j2 Not affected Fixed Fixed
Show less packages

CVE-2020-9488

Medium priority

Some fixes available 1 of 4

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that...

1 affected package

apache-log4j2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache-log4j2 Not affected Not affected Not affected Fixed Needs evaluation
Show less packages

CVE-2017-5645

Medium priority
Vulnerable

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute...

1 affected package

apache-log4j2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache-log4j2 Not affected Not affected Not affected Not affected Not affected
Show less packages