23 matches found
Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Configuration Manager IP Edition (ITNCM)
Summary: Multiple vulnerabilities were addressed in ITNCM version 6.4.2 Fix Pack 24 (6.4.2.24). Vulnerability Details: CVEID: CVE-2025-68161. DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even...
openSUSE Security Advisory (SUSE-SU-2026:0254-1)
The remote host is missing an update for the...
Security update for log4j
This update for log4j fixes the following issues: Security fixes: CVE-2025-68161: Fixed absent TLS hostname verification that may allow a man-in-the-middle attack (bsc#1255427). Other fixes: Upgrade to 2.18.0. Added: Add support for Jakarta Mail API in the SMTP appender. Add support for custom Log4j 1....
log4j-2.20.0-1.1 on GA media (moderate)
log4j-2.20.0-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10009-1. Rating: moderate. Cross-References: CVE-2025-68161. CVSS scores: CVE-2025-68161 (SUSE): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N; CVE-2025-68161 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N...
OPENSUSE-SU-2024:11025-1 log4j-2.13.2-1.9 on GA media
These are all security issues fixed in the log4j-2.13.2-1.9 package on the GA media of openSUSE Tumbleweed...
OESA-2022-1957 log4j security update
Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fixes: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Contex...
Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
Crucible in version 4.8.9 and older uses a log4j library that has the following vulnerabilities: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 / CVE-2020-9493 Crucible 4.8.10 uses a custom-built log4j, which has the above vulnerabilities fixed...
Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
Fisheye in version 4.8.9 and older uses a log4j library that has the following vulnerabilities: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 / CVE-2020-9493 Fisheye 4.8.10 uses a custom-built log4j, which has the above vulnerabilities fixed...
Update Log4J to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
CVE-2022-23305: Customers that have JDBCAppender configured may be vulnerable to SQL Injection attacks. Change Summary: Removed JDBCAppender, thus no longer allowing customers to use it. CVE-2022-23307 / CVE-2020-9493: Unsafe deserialization issue present in Apache Chainsaw that was bundled in log4j1...
SUSE-SU-2022:0214-1 Security update for log4j
This update for log4j fixes the following issues: - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution (bsc#1194844). - CVE-2022-23305: Fixed SQL injection when application is configured to use JDBCAppender (bsc#1194843). - CVE-2022-23302:...
log4j security update
0:1.2.14-6.4.1 - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 Orabug: 33689748...
OPENSUSE-SU-2021:1605-1 Security update for log4j
This update for log4j fixes the following issues: - Update to 2.17.0 - CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation (bsc#1193887, bsc#1193888). This update was imported from the SUSE:SLE-15-SP2:Update update project...
OPENSUSE-SU-2021:4118-1 Security update for log4j
This update for log4j fixes the following issues: - Update to 2.17.0 - CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation (bsc#1193887, bsc#1193888)...
Security update for log4j (important)
openSUSE Security Update: Security update for log4j. Announcement ID: openSUSE-SU-2021:4118-1. Rating: important. References: 1193887, 1193888. Cross-References: CVE-2021-45105. CVSS scores: CVE-2021-45105 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Affected Products: openSUSE Leap 15.3 An...
[SECURITY] Fedora 35 Update: log4j-2.16.0-1.fc35
Log4j is a tool to help the programmer output log statements to a variety of output targets...
SUSE-SU-2021:14866-1 Security update for log4j
This update for log4j fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability (bsc#1193662)...
Security update for log4j (important)
openSUSE Security Update: Security update for log4j. Announcement ID: openSUSE-SU-2021:4107-1. Rating: important. References: 1193743. Cross-References: CVE-2021-44228, CVE-2021-45046. CVSS scores: CVE-2021-44228 (NVD): 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H; CVE-2021-44228 (SUSE): 9.8...
OPENSUSE-SU-2021:1586-1 Security update for log4j
This update for log4j fixes the following issue: CVE-2021-44228: The previously published fix by upstream turned out to be incomplete. Therefore, upstream has recommended disabling JNDI support in log4j by default to be completely sure that this vulnerability cannot be exploited. This update...
OPENSUSE-SU-2021:1577-1 Security update for log4j
This update for log4j fixes the following issues: - CVE-2021-44228: Fix a remote code execution vulnerability that existed in the LDAP JNDI parser (bsc#1193611, CVE-2021-44228). This update was imported from the SUSE:SLE-15-SP2:Update update project...
OPENSUSE-SU-2021:3999-1 Security update for log4j
This update for log4j fixes the following issues: - CVE-2021-44228: Fix a remote code execution vulnerability that existed in the LDAP JNDI parser (bsc#1193611, CVE-2021-44228)...