| CVE-2021-44228 | critical | — | 10.0 | | | | 5y ago | Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution. |
| CVE-2017-5645 | critical | 9.8 | 9.8 | | | | 9y ago | Deserialization of Untrusted Data in Log4j |
| CVE-2021-44832 | medium | 6.6 | 6.6 | | | | 5y ago | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender wit… |
| CVE-2026-34477 | medium | 5.9 | 5.9 | | | | 2mo ago | Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration |
| CVE-2021-45105 | medium | 5.9 | 5.9 | | | | 5y ago | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thre… |
| CVE-2020-9488 | low | 3.7 | 3.7 | | | | 6y ago | Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log mess… |