Search CVE reports


1 – 6 of 6 results


CVE-2021-44832

Medium priority

Some fixes available 4 of 9

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI...

1 affected package

apache-log4j2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache-log4j2 Needs evaluation Not affected Fixed Fixed Vulnerable

CVE-2021-45105

Medium priority

Some fixes available 4 of 5

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a...

1 affected package

apache-log4j2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache-log4j2 Not affected Not affected Fixed Fixed Vulnerable

CVE-2021-45046

High priority
Fixed

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging...

1 affected package

apache-log4j2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache-log4j2 Not affected Fixed Not affected Not affected

CVE-2021-44228

High priority
Fixed

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other...

1 affected package

apache-log4j2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache-log4j2 Not affected Fixed Fixed Fixed

CVE-2020-9488

Medium priority

Some fixes available 1 of 4

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that...

1 affected package

apache-log4j2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache-log4j2 Not affected Not affected Fixed Needs evaluation Ignored

CVE-2017-5645

Medium priority
Vulnerable

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute...

1 affected package

apache-log4j2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache-log4j2 Not affected Not affected Not affected Not affected Vulnerable