Search CVE reports



1 – 6 of 6 results


CVE-2023-26464

Low priority
Needs evaluation

** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap...

1 affected package

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache-log4j1.2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-23307

Medium priority

Some fixes available 3 of 9

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, where the same issue exists.

1 affected package

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache-log4j1.2 | Needs evaluation | Not affected | Fixed | Fixed | Fixed |

CVE-2022-23305

Medium priority

Some fixes available 3 of 9

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This...

1 affected package

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache-log4j1.2 | Needs evaluation | Not affected | Fixed | Fixed | Fixed |

CVE-2022-23302

Low priority

Some fixes available 3 of 9

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to....

1 affected package

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache-log4j1.2 | Needs evaluation | Not affected | Fixed | Fixed | Fixed |

CVE-2021-4104

Medium priority

Some fixes available 6 of 10

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...

1 affected package

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache-log4j1.2 | Vulnerable | Not affected | Fixed | Fixed | Fixed |

CVE-2019-17571

Medium priority

Some fixes available 2 of 5

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to...

1 affected package

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache-log4j1.2 | Not affected | Not affected | Not affected | Fixed | Fixed |