10 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-34481
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces inval...
EUVD-2026-21412
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...
EUVD-2026-21410
Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets producing invalid XML output whenever a log message or M...
Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName attribute of the element. Although the verifyHostName configuration attribute was introduced in Log4...
GHSA-6HG6-V5C8-FPHQ Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName attribute of the element. Although the verifyHostName configuration attribute was introduced in Log4...
Important: Red Hat Security Advisory: RHOAI 2.25.4 - Red Hat OpenShift AI
Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.25.4 provides these changes:...
DEBIAN-CVE-2026-34481
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...
CVE-2026-34477
The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...
Security fix for the ALT Linux 9 package git version 2.25.4-alt1
2.25.4-alt1 built April 21, 2020 Dmitry V. Levin in task 250335 --- April 19, 2020 Dmitry V. Levin - 2.25.3 - 2.25.4 fixes: CVE-2020-11008...
Security fix for the ALT Linux 10 package git version 2.25.4-alt1
April 19, 2020 Dmitry V. Levin 2.25.4-alt1 - 2.25.3 - 2.25.4 fixes: CVE-2020-11008...