Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j ( CVE-2026-34477, CVE-2026-34478, CVE-2026-34479 & CVE-2026-34480 )

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addresse...

PT-2026-25380

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.37.2 Description cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. When a cpp-httplib client is configured with a proxy and set follow locationtrue, HTTPS redirects can silently...

GO-2025-3777 Podman Improper Certificate Validation; machine missing TLS verification in github.com/containers/podman

Podman Improper Certificate Validation; machine missing TLS verification in github.com/containers/podman...

AlmaLinux 9 : podman (ALSA-2025:10550)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:10550 advisory. podman: podman missing TLS verification CVE-2025-6032 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note th...

Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: podman missing TLS verification CVE-2025-6032 For more details about the security...

CVE-2025-6032 Podman: podman missing tls verification

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

CVE-2022-24968

In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification...

CVE-2020-5864

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default...

RHEL 8 : RHOSP 17.1.4 (openstack-tripleo-common and python-tripleoclient) (RHSA-2024:9991)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9991 advisory. Python library for code used by TripleO projects a Python TripleOClient for Openstack Director Security Fixes: RHOSP Director Disables TLS Verificati...

RHEL 9 : RHOSP 17.1.4 (openstack-tripleo-common and python-tripleoclient) (RHSA-2024:9990)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9990 advisory. Python library for code used by TripleO projects a Python TripleOClient for Openstack Director Security Fixes: RHOSP Director Disables TLS Verificati...

MGASA-2021-0504 Updated libzapojit packages fix security vulnerability

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. CVE-2021-39360...