Search CVE reports
1 – 6 of 6 results
CVE-2021-44832
Medium prioritySome fixes available 4 of 8
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI...
1 affected packages
apache-log4j2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache-log4j2 | Needs evaluation | Not affected | Fixed | Fixed | Vulnerable |
CVE-2021-45105
Medium prioritySome fixes available 4 of 5
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a...
1 affected packages
apache-log4j2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache-log4j2 | Not affected | Not affected | Fixed | Fixed | Vulnerable |
CVE-2021-45046
High priorityIt was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging...
1 affected packages
apache-log4j2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache-log4j2 | — | Not affected | Fixed | Not affected | Not affected |
CVE-2021-44228
High priorityApache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other...
1 affected packages
apache-log4j2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache-log4j2 | — | Not affected | Fixed | Fixed | Fixed |
CVE-2020-9488
Medium prioritySome fixes available 1 of 4
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that...
1 affected packages
apache-log4j2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache-log4j2 | Not affected | Not affected | Fixed | Needs evaluation | Ignored |
CVE-2017-5645
Medium priorityIn Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute...
1 affected packages
apache-log4j2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache-log4j2 | Not affected | Not affected | Not affected | Not affected | Vulnerable |