Lucene search
K

2433 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.263 views

Oracle WebLogic Server (April 2026 CPU)

The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web...

7.5CVSS6AI score0.00743EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.5 views

Oracle Identity Manager (April 2026 CPU)

The 12.2.1.4.0 version of Identity Manager installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory: - In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a reques...

7.2CVSS6.7AI score0.00743EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.5 views

Oracle Identity Manager (April 2026 CPU)

The 14.1.2.1.0 version of Identity Manager installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory: - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: Identity Console. Easily exploitable...

6.3CVSS6.2AI score0.00743EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/18 2:39 a.m.17 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Configuration Manager IP Edition (ITNCM)

Summary Multiple vulnerabilities were addressed in ITNCM version 6.4.2 Fix Pack 24 6.4.2.24 Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even...

9.8CVSS6.2AI score0.00864EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 6:50 p.m.4 views

Security Bulletin: due to the use of Apache Log4j, IBM Transformation Extender Advanced is vulnerable to Host Mismatch

Summary Apache Log4j is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. Apache Log4j has been updated to address CVE-2025-68161 which causes hostname mismatch. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The...

6.3CVSS6AI score0.00743EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.196 views

Apache Log4j 2.21.0 < 2.25.4 Rfc5424Layout Log Injection (CVE-2026-34478)

The version of Apache Log4j on the remote host is 2.21.0 through 2.25.3. It is, therefore, affected by a vulnerability: - The Rfc5424Layout is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. The newLineEscape attribute was...

7.5CVSS5.3AI score0.00831EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/15 12:0 a.m.5 views

log4j-2.20.0-2.1 on GA media (moderate)

log4j-2.20.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10544-1 Rating: moderate Cross-References: CVE-2026-34477 CVE-2026-34479 CVE-2026-34480 CVE-2026-34481 CVSS scores: CVE-2026-34477 SUSE : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2026-34479 SUSE : 5.3...

6.5CVSS5.8AI score0.0086EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.13 views

Apache Log4j 2.0-alpha1 < 2.25.4 XmlLayout Invalid XML Output (CVE-2026-34480)

The version of Apache Log4j on the remote host is 2.0-alpha1 through 2.25.3. It is, therefore, affected by a vulnerability: - The XmlLayout fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such character...

7.5CVSS5.4AI score0.0086EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.149 views

Apache Log4j 2.12.0 < 2.25.4 SSL Hostname Verification Bypass (CVE-2026-34477)

The version of Apache Log4j on the remote host is 2.12.0 through 2.25.3. It is, therefore, affected by a vulnerability: - The verifyHostName configuration attribute of the Ssl element was silently ignored in all versions through 2.25.3, leaving TLS connections vulnerable to interception via...

6.3CVSS5.8AI score0.00395EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/14 11:26 p.m.6 views

SUSE CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

6.5CVSS5.8AI score0.00395EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/14 11:26 p.m.9 views

SUSE CVE-2026-34478

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.htmlRFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect user...

6.9CVSS5.8AI score0.00831EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/14 11:26 p.m.7 views

SUSE CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

5.3CVSS5.8AI score0.00535EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/04/14 11:26 p.m.7 views

SUSE CVE-2026-34480

Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets producing invalid XML output whenever a log message or M...

6.5CVSS5.7AI score0.0086EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/14 11:26 p.m.17 views

SUSE CVE-2026-34481

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

5.3CVSS5.8AI score0.00555EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/14 11:1 a.m.8 views

Improper Certificate Validation

Apache Log4j Core is vulnerable to Improper Certificate Validation. The vulnerability is due to ignored hostname verification settings in TLS configuration, which allows an attacker to perform a man-in-the-middle attack by presenting a trusted certificate and intercepting secure communications...

6.3CVSS5.8AI score0.00395EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/04/14 12:0 a.m.3 views

OPENSUSE-SU-2026:10544-1 log4j-2.20.0-2.1 on GA media

These are all security issues fixed in the log4j-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.0086EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/13 5:20 p.m.11 views

CVE-2026-34481

A flaw was found in Apache Log4j's JsonTemplateLayout. This vulnerability allows a remote attacker to disrupt log processing systems. By sending log events that include specific non-numeric floating-point values, the attacker can cause the JsonTemplateLayout to generate invalid JSON output. This...

7.5CVSS5.7AI score0.00555EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/13 5:20 p.m.7 views

CVE-2026-34479

A flaw was found in the Apache Log4j 1-to-Log4j 2 bridge. The Log4j1XmlLayout component fails to properly escape characters forbidden by the XML 1.0 standard. This improper handling of characters results in malformed XML output, which can cause downstream log processing systems to drop or fail to...

7.5CVSS5.7AI score0.00535EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/04/13 5:20 p.m.7 views

CVE-2026-34477

A flaw was found in Apache Log4j Core. A network-based attacker can perform a man-in-the-middle MITM attack, allowing them to intercept encrypted communications. This occurs when an SMTP, Socket, or Syslog appender uses Transport Layer Security TLS with a nested element, and the attacker has a...

6.8CVSS5.7AI score0.00395EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/13 4:9 p.m.9 views

CVE-2026-34480

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5CVSS5.7AI score0.0086EPSS
Exploits0References8
Rows per page
Query Builder