rpm package
opensuse/log4net&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/log4net&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1285 | — | < 1.2.10-78.1 | 1.2.10-78.1 | May 11, 2020 | Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. | ||
| CVE-2006-0743 | — | < 1.2.10-75.6 | 1.2.10-75.6 | Mar 9, 2006 | Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. |
- CVE-2018-1285May 11, 2020affected < 1.2.10-78.1fixed 1.2.10-78.1
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
- CVE-2006-0743Mar 9, 2006affected < 1.2.10-75.6fixed 1.2.10-75.6
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.