VYPR
Vendor

Qos Ch

Products
3
CVEs
11
Across products
11
Status
Private

Products

3

Recent CVEs

11
  • CVE-2022-23307HigJan 18, 2022
    risk 0.57cvss 8.8epss 0.52

    CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

  • CVE-2022-23305CriJan 18, 2022
    risk 0.57cvss 9.8epss 0.67

    By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering…

  • CVE-2017-5929CriMar 13, 2017
    risk 0.57cvss 9.8epss 0.07

    QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.

  • CVE-2025-11226MedOct 1, 2025
    risk 0.31cvss epss 0.00

    ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment…

  • CVE-2024-12798MedDec 19, 2024
    risk 0.31cvss epss 0.00

    ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an…

  • CVE-2026-10532LowJun 1, 2026
    risk 0.19cvss epss 0.00

    Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer…

  • CVE-2026-9828LowMay 28, 2026
    risk 0.19cvss epss 0.00

    Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or…

  • CVE-2020-9488LowApr 27, 2020
    risk 0.17cvss 3.7epss 0.08

    Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

  • CVE-2024-12801LowDec 19, 2024
    risk 0.09cvss epss 0.00

    Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12  on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of…

  • CVE-2026-1225LowJan 22, 2026
    risk 0.05cvss epss 0.00

    ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The…

  • CVE-2026-13006Jun 24, 2026
    risk 0.00cvss epss 0.00

    ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.34 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing…