CVE-2021-44228 critical —
10.0
5y ago
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
arch debian suse java
CVE-2017-5645 critical 9.8
9.8
9y ago
Deserialization of Untrusted Data in Log4j
debian suse redhat java +2
CVE-2026-34477 medium 5.9
5.9
2mo ago
Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
debian suse java apache
CVE-2021-45046 unknown —
1.5
5y ago
Incomplete fix for Apache Log4j vulnerability
debian suse java
CVE-2026-34478 unknown —
—
2mo ago
Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility
debian suse java gcp
CVE-2026-34480 unknown —
—
2mo ago
Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
debian suse java gcp
CVE-2021-44832 unknown —
—
5y ago
Improper Input Validation and Injection in Apache Log4j2
debian suse java