2433 matches found
Oracle WebLogic Server (April 2026 CPU)
The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web...
Oracle Identity Manager (April 2026 CPU)
The 12.2.1.4.0 version of Identity Manager installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory: - In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a reques...
Oracle Identity Manager (April 2026 CPU)
The 14.1.2.1.0 version of Identity Manager installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory: - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: Identity Console. Easily exploitable...
Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Configuration Manager IP Edition (ITNCM)
Summary Multiple vulnerabilities were addressed in ITNCM version 6.4.2 Fix Pack 24 6.4.2.24 Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even...
Security Bulletin: due to the use of Apache Log4j, IBM Transformation Extender Advanced is vulnerable to Host Mismatch
Summary Apache Log4j is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. Apache Log4j has been updated to address CVE-2025-68161 which causes hostname mismatch. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The...
Apache Log4j 2.21.0 < 2.25.4 Rfc5424Layout Log Injection (CVE-2026-34478)
The version of Apache Log4j on the remote host is 2.21.0 through 2.25.3. It is, therefore, affected by a vulnerability: - The Rfc5424Layout is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. The newLineEscape attribute was...
log4j-2.20.0-2.1 on GA media (moderate)
log4j-2.20.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10544-1 Rating: moderate Cross-References: CVE-2026-34477 CVE-2026-34479 CVE-2026-34480 CVE-2026-34481 CVSS scores: CVE-2026-34477 SUSE : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2026-34479 SUSE : 5.3...
Apache Log4j 2.0-alpha1 < 2.25.4 XmlLayout Invalid XML Output (CVE-2026-34480)
The version of Apache Log4j on the remote host is 2.0-alpha1 through 2.25.3. It is, therefore, affected by a vulnerability: - The XmlLayout fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such character...
Apache Log4j 2.12.0 < 2.25.4 SSL Hostname Verification Bypass (CVE-2026-34477)
The version of Apache Log4j on the remote host is 2.12.0 through 2.25.3. It is, therefore, affected by a vulnerability: - The verifyHostName configuration attribute of the Ssl element was silently ignored in all versions through 2.25.3, leaving TLS connections vulnerable to interception via...
SUSE CVE-2026-34477
The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...
SUSE CVE-2026-34478
Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.htmlRFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect user...
SUSE CVE-2026-34479
The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...
SUSE CVE-2026-34480
Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets producing invalid XML output whenever a log message or M...
SUSE CVE-2026-34481
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...
Improper Certificate Validation
Apache Log4j Core is vulnerable to Improper Certificate Validation. The vulnerability is due to ignored hostname verification settings in TLS configuration, which allows an attacker to perform a man-in-the-middle attack by presenting a trusted certificate and intercepting secure communications...
OPENSUSE-SU-2026:10544-1 log4j-2.20.0-2.1 on GA media
These are all security issues fixed in the log4j-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-34481
A flaw was found in Apache Log4j's JsonTemplateLayout. This vulnerability allows a remote attacker to disrupt log processing systems. By sending log events that include specific non-numeric floating-point values, the attacker can cause the JsonTemplateLayout to generate invalid JSON output. This...
CVE-2026-34479
A flaw was found in the Apache Log4j 1-to-Log4j 2 bridge. The Log4j1XmlLayout component fails to properly escape characters forbidden by the XML 1.0 standard. This improper handling of characters results in malformed XML output, which can cause downstream log processing systems to drop or fail to...
CVE-2026-34477
A flaw was found in Apache Log4j Core. A network-based attacker can perform a man-in-the-middle MITM attack, allowing them to intercept encrypted communications. This occurs when an SMTP, Socket, or Syslog appender uses Transport Layer Security TLS with a nested element, and the attacker has a...
CVE-2026-34480
A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...