CVE-2021-44228 critical —
10.0
5y ago
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
arch debian suse java
CVE-2017-5645 critical 9.8
9.8
9y ago
Deserialization of Untrusted Data in Log4j
debian suse redhat java +1
CVE-2026-34477 medium 5.9
5.9
2mo ago
Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
debian suse java apache
CVE-2021-45046 unknown —
1.5
5y ago
Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in…
debian suse java
CVE-2026-34480 unknown —
—
2mo ago
Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
debian suse java gcp
CVE-2026-34478 unknown —
—
2mo ago
Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility
debian suse java gcp
CVE-2025-68161 unknown —
—
5mo ago
Apache Log4j does not verify the TLS hostname in its Socket Appender
debian suse java
CVE-2023-26464 unknown —
—
3y ago
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
debian java
CVE-2021-44832 unknown —
—
4y ago
Improper Input Validation and Injection in Apache Log4j2
debian suse java
CVE-2021-45105 unknown —
—
5y ago
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
debian suse java
CVE-2020-9488 unknown —
—
6y ago
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
debian suse java