5 matches found
Unity Linux 20.1060e / 20.1070e Security Update: wildfly-common (UTSA-2026-016679)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016679 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...
Astra Linux - vulnerability in apache-log4j2
Improper validation of certificates with host mismatches in the Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack, thereby leaking any log messages sent through that appender. This issue has been fixed in Apache Log4j 2.12.3 and 2.13....
Apache Log4j 2.0-beta9 < 2.25.3 MitM
The version of Apache Log4j on the remote host is 2.0-beta9 through 2.25.2. The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +42448 more potentially affected by CVE-2023-26464 via log4j:log4j (>=1.1.3 <=1.2.9)
log4j:log4j MAVEN version =1.1.3, =1.1, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.9.0 - acegisecurity:acegi-security-resin =0.9.0 - acegisecurity:acegi-security-sample-annotations =0.9.0 - acegisecurity:acegi-security-tiger =0.9.0 - activeio:activeio =2.1 - activemq:activemq =1.1 -...
PT-2019-5314
Name of the Vulnerable Software and Affected Versions: Log4j versions 1.2 up to 1.2.17. Description: The issue is related to the deserialization of untrusted data in the SocketServer class of Log4j 1.2, which can be exploited to remotely execute arbitrary code when combined with a deserialization...