Vulnerability-Lookup

WID-SEC-W-2026-0164

Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-05-20 22:00

Summary

Oracle Java SE: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - MacOS X - Sonstiges - UNIX - Windows

CVE-2025-12183

Affected products

Known affected 58 products

Product	Identifier	Version
IBM DataPower Gateway 10.6.0.0-10.6.0.8 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.0.0_-_10.6.0.8`	10.6.0.0-10.6.0.8
IBM DataPower Gateway 10.6.1.0-10.6.6.0 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.1.0_-_10.6.6.0`	10.6.1.0-10.6.6.0
IBM DataPower Gateway 10.5.0.0-10.5.0.20 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.5.0.0_-_10.5.0.20`	10.5.0.0-10.5.0.20
IBM TXSeries for Multiplatforms 10.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_10.1`	for Multiplatforms 10.1
Amazon Corretto <11.0.30.7.1 Amazon / Corretto		<11.0.30.7.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Tenable Security Nessus Network Monitor <6.5.3 Tenable Security / Nessus Network Monitor		<6.5.3
Amazon Corretto <8.482.08.1 Amazon / Corretto		<8.482.08.1
Dell Data Protection Advisor Dell	`cpe:/a:dell:data_protection_advisor:-`	—
IBM Sterling Connect:Direct IBM	`cpe:/a:ibm:sterling_connect%3adirect:-`	—
Oracle GraalVM Enterprise Edition 21.3.16 Oracle / GraalVM	`cpe:/a:oracle:graalvm:enterprise_edition_21.3.16`	Enterprise Edition 21.3.16
IBM Java SDK IBM	`cpe:/a:ibm:jdk:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer IBM	`cpe:/a:ibm:rational_business_developer:-`	—
IBM Semeru Runtime 11.0.12.0-11.0.29.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0`	11.0.12.0-11.0.29.0
IBM Semeru Runtime 17.0.0.0-17.0.17.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0`	17.0.0.0-17.0.17.0
IBM Semeru Runtime 8.0.302.0-8.0.472.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0`	8.0.302.0-8.0.472.0
IBM App Connect Enterprise 12.0.1.0-12.0.12.22 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.22`	12.0.1.0-12.0.12.22
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Power Hardware Management Console IBM	`cpe:/a:ibm:hardware_management_console:-`	—
IBM Integration Bus for z/OS 10.1.0.0-10.1.0.6 IBM / Integration Bus	`cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.6::zos`	for z/OS 10.1.0.0-10.1.0.6
Oracle Java SE 25.0.1 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.1`	25.0.1
Oracle Java SE 8u471-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-perf`	8u471-perf
Oracle GraalVM for JDK 21.0.9 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_21.0.9`	for JDK 21.0.9
Oracle GraalVM for JDK 17.0.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_17.0.17`	for JDK 17.0.17
Oracle Java SE 8u471 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471`	8u471
IBM Semeru Runtime 21.0.0.0-21.0.9.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0`	21.0.0.0-21.0.9.0
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM Semeru Runtime 25.0.0.0-25.0.1.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0`	25.0.0.0-25.0.1.0
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
IBM TXSeries for Multiplatforms 11.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_11.1`	for Multiplatforms 11.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
Dell NetWorker NRE <17.0.4 Dell / NetWorker		NRE <17.0.4
IBM TXSeries for Multiplatforms 8.2 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.2`	for Multiplatforms 8.2
IBM TXSeries for Multiplatforms 9.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_9.1`	for Multiplatforms 9.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise 13.0.1.0-13.0.6.1 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.6.1`	13.0.1.0-13.0.6.1
Oracle Java SE 8u471-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-b50`	8u471-b50
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
Oracle Java SE 21.0.9 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.9`	21.0.9
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Oracle Java SE 17.0.17 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.17`	17.0.17
Dell NetWorker NRE <8.0.28 Dell / NetWorker		NRE <8.0.28
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16
Oracle Java SE 11.0.29 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.29`	11.0.29
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—

CVE-2025-43368

Affected products

Known affected 58 products

Product	Identifier	Version
IBM DataPower Gateway 10.6.0.0-10.6.0.8 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.0.0_-_10.6.0.8`	10.6.0.0-10.6.0.8
IBM DataPower Gateway 10.6.1.0-10.6.6.0 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.1.0_-_10.6.6.0`	10.6.1.0-10.6.6.0
IBM DataPower Gateway 10.5.0.0-10.5.0.20 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.5.0.0_-_10.5.0.20`	10.5.0.0-10.5.0.20
IBM TXSeries for Multiplatforms 10.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_10.1`	for Multiplatforms 10.1
Amazon Corretto <11.0.30.7.1 Amazon / Corretto		<11.0.30.7.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Tenable Security Nessus Network Monitor <6.5.3 Tenable Security / Nessus Network Monitor		<6.5.3
Amazon Corretto <8.482.08.1 Amazon / Corretto		<8.482.08.1
Dell Data Protection Advisor Dell	`cpe:/a:dell:data_protection_advisor:-`	—
IBM Sterling Connect:Direct IBM	`cpe:/a:ibm:sterling_connect%3adirect:-`	—
Oracle GraalVM Enterprise Edition 21.3.16 Oracle / GraalVM	`cpe:/a:oracle:graalvm:enterprise_edition_21.3.16`	Enterprise Edition 21.3.16
IBM Java SDK IBM	`cpe:/a:ibm:jdk:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer IBM	`cpe:/a:ibm:rational_business_developer:-`	—
IBM Semeru Runtime 11.0.12.0-11.0.29.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0`	11.0.12.0-11.0.29.0
IBM Semeru Runtime 17.0.0.0-17.0.17.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0`	17.0.0.0-17.0.17.0
IBM Semeru Runtime 8.0.302.0-8.0.472.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0`	8.0.302.0-8.0.472.0
IBM App Connect Enterprise 12.0.1.0-12.0.12.22 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.22`	12.0.1.0-12.0.12.22
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Power Hardware Management Console IBM	`cpe:/a:ibm:hardware_management_console:-`	—
IBM Integration Bus for z/OS 10.1.0.0-10.1.0.6 IBM / Integration Bus	`cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.6::zos`	for z/OS 10.1.0.0-10.1.0.6
Oracle Java SE 25.0.1 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.1`	25.0.1
Oracle Java SE 8u471-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-perf`	8u471-perf
Oracle GraalVM for JDK 21.0.9 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_21.0.9`	for JDK 21.0.9
Oracle GraalVM for JDK 17.0.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_17.0.17`	for JDK 17.0.17
Oracle Java SE 8u471 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471`	8u471
IBM Semeru Runtime 21.0.0.0-21.0.9.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0`	21.0.0.0-21.0.9.0
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM Semeru Runtime 25.0.0.0-25.0.1.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0`	25.0.0.0-25.0.1.0
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
IBM TXSeries for Multiplatforms 11.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_11.1`	for Multiplatforms 11.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
Dell NetWorker NRE <17.0.4 Dell / NetWorker		NRE <17.0.4
IBM TXSeries for Multiplatforms 8.2 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.2`	for Multiplatforms 8.2
IBM TXSeries for Multiplatforms 9.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_9.1`	for Multiplatforms 9.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise 13.0.1.0-13.0.6.1 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.6.1`	13.0.1.0-13.0.6.1
Oracle Java SE 8u471-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-b50`	8u471-b50
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
Oracle Java SE 21.0.9 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.9`	21.0.9
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Oracle Java SE 17.0.17 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.17`	17.0.17
Dell NetWorker NRE <8.0.28 Dell / NetWorker		NRE <8.0.28
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16
Oracle Java SE 11.0.29 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.29`	11.0.29
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—

CVE-2025-47219

Affected products

Known affected 58 products

Product	Identifier	Version
IBM DataPower Gateway 10.6.0.0-10.6.0.8 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.0.0_-_10.6.0.8`	10.6.0.0-10.6.0.8
IBM DataPower Gateway 10.6.1.0-10.6.6.0 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.1.0_-_10.6.6.0`	10.6.1.0-10.6.6.0
IBM DataPower Gateway 10.5.0.0-10.5.0.20 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.5.0.0_-_10.5.0.20`	10.5.0.0-10.5.0.20
IBM TXSeries for Multiplatforms 10.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_10.1`	for Multiplatforms 10.1
Amazon Corretto <11.0.30.7.1 Amazon / Corretto		<11.0.30.7.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Tenable Security Nessus Network Monitor <6.5.3 Tenable Security / Nessus Network Monitor		<6.5.3
Amazon Corretto <8.482.08.1 Amazon / Corretto		<8.482.08.1
Dell Data Protection Advisor Dell	`cpe:/a:dell:data_protection_advisor:-`	—
IBM Sterling Connect:Direct IBM	`cpe:/a:ibm:sterling_connect%3adirect:-`	—
Oracle GraalVM Enterprise Edition 21.3.16 Oracle / GraalVM	`cpe:/a:oracle:graalvm:enterprise_edition_21.3.16`	Enterprise Edition 21.3.16
IBM Java SDK IBM	`cpe:/a:ibm:jdk:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer IBM	`cpe:/a:ibm:rational_business_developer:-`	—
IBM Semeru Runtime 11.0.12.0-11.0.29.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0`	11.0.12.0-11.0.29.0
IBM Semeru Runtime 17.0.0.0-17.0.17.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0`	17.0.0.0-17.0.17.0
IBM Semeru Runtime 8.0.302.0-8.0.472.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0`	8.0.302.0-8.0.472.0
IBM App Connect Enterprise 12.0.1.0-12.0.12.22 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.22`	12.0.1.0-12.0.12.22
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Power Hardware Management Console IBM	`cpe:/a:ibm:hardware_management_console:-`	—
IBM Integration Bus for z/OS 10.1.0.0-10.1.0.6 IBM / Integration Bus	`cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.6::zos`	for z/OS 10.1.0.0-10.1.0.6
Oracle Java SE 25.0.1 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.1`	25.0.1
Oracle Java SE 8u471-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-perf`	8u471-perf
Oracle GraalVM for JDK 21.0.9 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_21.0.9`	for JDK 21.0.9
Oracle GraalVM for JDK 17.0.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_17.0.17`	for JDK 17.0.17
Oracle Java SE 8u471 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471`	8u471
IBM Semeru Runtime 21.0.0.0-21.0.9.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0`	21.0.0.0-21.0.9.0
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM Semeru Runtime 25.0.0.0-25.0.1.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0`	25.0.0.0-25.0.1.0
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
IBM TXSeries for Multiplatforms 11.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_11.1`	for Multiplatforms 11.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
Dell NetWorker NRE <17.0.4 Dell / NetWorker		NRE <17.0.4
IBM TXSeries for Multiplatforms 8.2 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.2`	for Multiplatforms 8.2
IBM TXSeries for Multiplatforms 9.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_9.1`	for Multiplatforms 9.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise 13.0.1.0-13.0.6.1 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.6.1`	13.0.1.0-13.0.6.1
Oracle Java SE 8u471-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-b50`	8u471-b50
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
Oracle Java SE 21.0.9 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.9`	21.0.9
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Oracle Java SE 17.0.17 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.17`	17.0.17
Dell NetWorker NRE <8.0.28 Dell / NetWorker		NRE <8.0.28
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16
Oracle Java SE 11.0.29 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.29`	11.0.29
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—

CVE-2025-6021

Affected products

Known affected 58 products

Product	Identifier	Version
IBM DataPower Gateway 10.6.0.0-10.6.0.8 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.0.0_-_10.6.0.8`	10.6.0.0-10.6.0.8
IBM DataPower Gateway 10.6.1.0-10.6.6.0 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.1.0_-_10.6.6.0`	10.6.1.0-10.6.6.0
IBM DataPower Gateway 10.5.0.0-10.5.0.20 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.5.0.0_-_10.5.0.20`	10.5.0.0-10.5.0.20
IBM TXSeries for Multiplatforms 10.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_10.1`	for Multiplatforms 10.1
Amazon Corretto <11.0.30.7.1 Amazon / Corretto		<11.0.30.7.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Tenable Security Nessus Network Monitor <6.5.3 Tenable Security / Nessus Network Monitor		<6.5.3
Amazon Corretto <8.482.08.1 Amazon / Corretto		<8.482.08.1
Dell Data Protection Advisor Dell	`cpe:/a:dell:data_protection_advisor:-`	—
IBM Sterling Connect:Direct IBM	`cpe:/a:ibm:sterling_connect%3adirect:-`	—
Oracle GraalVM Enterprise Edition 21.3.16 Oracle / GraalVM	`cpe:/a:oracle:graalvm:enterprise_edition_21.3.16`	Enterprise Edition 21.3.16
IBM Java SDK IBM	`cpe:/a:ibm:jdk:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer IBM	`cpe:/a:ibm:rational_business_developer:-`	—
IBM Semeru Runtime 11.0.12.0-11.0.29.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0`	11.0.12.0-11.0.29.0
IBM Semeru Runtime 17.0.0.0-17.0.17.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0`	17.0.0.0-17.0.17.0
IBM Semeru Runtime 8.0.302.0-8.0.472.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0`	8.0.302.0-8.0.472.0
IBM App Connect Enterprise 12.0.1.0-12.0.12.22 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.22`	12.0.1.0-12.0.12.22
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Power Hardware Management Console IBM	`cpe:/a:ibm:hardware_management_console:-`	—
IBM Integration Bus for z/OS 10.1.0.0-10.1.0.6 IBM / Integration Bus	`cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.6::zos`	for z/OS 10.1.0.0-10.1.0.6
Oracle Java SE 25.0.1 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.1`	25.0.1
Oracle Java SE 8u471-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-perf`	8u471-perf
Oracle GraalVM for JDK 21.0.9 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_21.0.9`	for JDK 21.0.9
Oracle GraalVM for JDK 17.0.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_17.0.17`	for JDK 17.0.17
Oracle Java SE 8u471 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471`	8u471
IBM Semeru Runtime 21.0.0.0-21.0.9.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0`	21.0.0.0-21.0.9.0
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM Semeru Runtime 25.0.0.0-25.0.1.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0`	25.0.0.0-25.0.1.0
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
IBM TXSeries for Multiplatforms 11.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_11.1`	for Multiplatforms 11.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
Dell NetWorker NRE <17.0.4 Dell / NetWorker		NRE <17.0.4
IBM TXSeries for Multiplatforms 8.2 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.2`	for Multiplatforms 8.2
IBM TXSeries for Multiplatforms 9.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_9.1`	for Multiplatforms 9.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise 13.0.1.0-13.0.6.1 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.6.1`	13.0.1.0-13.0.6.1
Oracle Java SE 8u471-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-b50`	8u471-b50
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
Oracle Java SE 21.0.9 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.9`	21.0.9
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Oracle Java SE 17.0.17 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.17`	17.0.17
Dell NetWorker NRE <8.0.28 Dell / NetWorker		NRE <8.0.28
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16
Oracle Java SE 11.0.29 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.29`	11.0.29
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—

CVE-2025-6052

Affected products

Known affected 58 products

Product	Identifier	Version
IBM DataPower Gateway 10.6.0.0-10.6.0.8 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.0.0_-_10.6.0.8`	10.6.0.0-10.6.0.8
IBM DataPower Gateway 10.6.1.0-10.6.6.0 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.1.0_-_10.6.6.0`	10.6.1.0-10.6.6.0
IBM DataPower Gateway 10.5.0.0-10.5.0.20 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.5.0.0_-_10.5.0.20`	10.5.0.0-10.5.0.20
IBM TXSeries for Multiplatforms 10.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_10.1`	for Multiplatforms 10.1
Amazon Corretto <11.0.30.7.1 Amazon / Corretto		<11.0.30.7.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Tenable Security Nessus Network Monitor <6.5.3 Tenable Security / Nessus Network Monitor		<6.5.3
Amazon Corretto <8.482.08.1 Amazon / Corretto		<8.482.08.1
Dell Data Protection Advisor Dell	`cpe:/a:dell:data_protection_advisor:-`	—
IBM Sterling Connect:Direct IBM	`cpe:/a:ibm:sterling_connect%3adirect:-`	—
Oracle GraalVM Enterprise Edition 21.3.16 Oracle / GraalVM	`cpe:/a:oracle:graalvm:enterprise_edition_21.3.16`	Enterprise Edition 21.3.16
IBM Java SDK IBM	`cpe:/a:ibm:jdk:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer IBM	`cpe:/a:ibm:rational_business_developer:-`	—
IBM Semeru Runtime 11.0.12.0-11.0.29.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0`	11.0.12.0-11.0.29.0
IBM Semeru Runtime 17.0.0.0-17.0.17.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0`	17.0.0.0-17.0.17.0
IBM Semeru Runtime 8.0.302.0-8.0.472.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0`	8.0.302.0-8.0.472.0
IBM App Connect Enterprise 12.0.1.0-12.0.12.22 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.22`	12.0.1.0-12.0.12.22
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Power Hardware Management Console IBM	`cpe:/a:ibm:hardware_management_console:-`	—
IBM Integration Bus for z/OS 10.1.0.0-10.1.0.6 IBM / Integration Bus	`cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.6::zos`	for z/OS 10.1.0.0-10.1.0.6
Oracle Java SE 25.0.1 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.1`	25.0.1
Oracle Java SE 8u471-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-perf`	8u471-perf
Oracle GraalVM for JDK 21.0.9 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_21.0.9`	for JDK 21.0.9
Oracle GraalVM for JDK 17.0.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_17.0.17`	for JDK 17.0.17
Oracle Java SE 8u471 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471`	8u471
IBM Semeru Runtime 21.0.0.0-21.0.9.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0`	21.0.0.0-21.0.9.0
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM Semeru Runtime 25.0.0.0-25.0.1.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0`	25.0.0.0-25.0.1.0
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
IBM TXSeries for Multiplatforms 11.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_11.1`	for Multiplatforms 11.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
Dell NetWorker NRE <17.0.4 Dell / NetWorker		NRE <17.0.4
IBM TXSeries for Multiplatforms 8.2 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.2`	for Multiplatforms 8.2
IBM TXSeries for Multiplatforms 9.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_9.1`	for Multiplatforms 9.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise 13.0.1.0-13.0.6.1 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.6.1`	13.0.1.0-13.0.6.1
Oracle Java SE 8u471-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-b50`	8u471-b50
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
Oracle Java SE 21.0.9 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.9`	21.0.9
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Oracle Java SE 17.0.17 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.17`	17.0.17
Dell NetWorker NRE <8.0.28 Dell / NetWorker		NRE <8.0.28
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16
Oracle Java SE 11.0.29 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.29`	11.0.29
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—

CVE-2025-7425

Affected products

Known affected 58 products

Product	Identifier	Version
IBM DataPower Gateway 10.6.0.0-10.6.0.8 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.0.0_-_10.6.0.8`	10.6.0.0-10.6.0.8
IBM DataPower Gateway 10.6.1.0-10.6.6.0 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.1.0_-_10.6.6.0`	10.6.1.0-10.6.6.0
IBM DataPower Gateway 10.5.0.0-10.5.0.20 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.5.0.0_-_10.5.0.20`	10.5.0.0-10.5.0.20
IBM TXSeries for Multiplatforms 10.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_10.1`	for Multiplatforms 10.1
Amazon Corretto <11.0.30.7.1 Amazon / Corretto		<11.0.30.7.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Tenable Security Nessus Network Monitor <6.5.3 Tenable Security / Nessus Network Monitor		<6.5.3
Amazon Corretto <8.482.08.1 Amazon / Corretto		<8.482.08.1
Dell Data Protection Advisor Dell	`cpe:/a:dell:data_protection_advisor:-`	—
IBM Sterling Connect:Direct IBM	`cpe:/a:ibm:sterling_connect%3adirect:-`	—
Oracle GraalVM Enterprise Edition 21.3.16 Oracle / GraalVM	`cpe:/a:oracle:graalvm:enterprise_edition_21.3.16`	Enterprise Edition 21.3.16
IBM Java SDK IBM	`cpe:/a:ibm:jdk:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer IBM	`cpe:/a:ibm:rational_business_developer:-`	—
IBM Semeru Runtime 11.0.12.0-11.0.29.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0`	11.0.12.0-11.0.29.0
IBM Semeru Runtime 17.0.0.0-17.0.17.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0`	17.0.0.0-17.0.17.0
IBM Semeru Runtime 8.0.302.0-8.0.472.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0`	8.0.302.0-8.0.472.0
IBM App Connect Enterprise 12.0.1.0-12.0.12.22 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.22`	12.0.1.0-12.0.12.22
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Power Hardware Management Console IBM	`cpe:/a:ibm:hardware_management_console:-`	—
IBM Integration Bus for z/OS 10.1.0.0-10.1.0.6 IBM / Integration Bus	`cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.6::zos`	for z/OS 10.1.0.0-10.1.0.6
Oracle Java SE 25.0.1 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.1`	25.0.1
Oracle Java SE 8u471-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-perf`	8u471-perf
Oracle GraalVM for JDK 21.0.9 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_21.0.9`	for JDK 21.0.9
Oracle GraalVM for JDK 17.0.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_17.0.17`	for JDK 17.0.17
Oracle Java SE 8u471 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471`	8u471
IBM Semeru Runtime 21.0.0.0-21.0.9.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0`	21.0.0.0-21.0.9.0
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM Semeru Runtime 25.0.0.0-25.0.1.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0`	25.0.0.0-25.0.1.0
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
IBM TXSeries for Multiplatforms 11.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_11.1`	for Multiplatforms 11.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
Dell NetWorker NRE <17.0.4 Dell / NetWorker		NRE <17.0.4
IBM TXSeries for Multiplatforms 8.2 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.2`	for Multiplatforms 8.2
IBM TXSeries for Multiplatforms 9.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_9.1`	for Multiplatforms 9.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise 13.0.1.0-13.0.6.1 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.6.1`	13.0.1.0-13.0.6.1
Oracle Java SE 8u471-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-b50`	8u471-b50
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
Oracle Java SE 21.0.9 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.9`	21.0.9
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Oracle Java SE 17.0.17 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.17`	17.0.17
Dell NetWorker NRE <8.0.28 Dell / NetWorker		NRE <8.0.28
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16
Oracle Java SE 11.0.29 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.29`	11.0.29
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—

CVE-2026-21925

Affected products

Known affected 58 products

Product	Identifier	Version
IBM DataPower Gateway 10.6.0.0-10.6.0.8 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.0.0_-_10.6.0.8`	10.6.0.0-10.6.0.8
IBM DataPower Gateway 10.6.1.0-10.6.6.0 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.1.0_-_10.6.6.0`	10.6.1.0-10.6.6.0
IBM DataPower Gateway 10.5.0.0-10.5.0.20 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.5.0.0_-_10.5.0.20`	10.5.0.0-10.5.0.20
IBM TXSeries for Multiplatforms 10.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_10.1`	for Multiplatforms 10.1
Amazon Corretto <11.0.30.7.1 Amazon / Corretto		<11.0.30.7.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Tenable Security Nessus Network Monitor <6.5.3 Tenable Security / Nessus Network Monitor		<6.5.3
Amazon Corretto <8.482.08.1 Amazon / Corretto		<8.482.08.1
Dell Data Protection Advisor Dell	`cpe:/a:dell:data_protection_advisor:-`	—
IBM Sterling Connect:Direct IBM	`cpe:/a:ibm:sterling_connect%3adirect:-`	—
Oracle GraalVM Enterprise Edition 21.3.16 Oracle / GraalVM	`cpe:/a:oracle:graalvm:enterprise_edition_21.3.16`	Enterprise Edition 21.3.16
IBM Java SDK IBM	`cpe:/a:ibm:jdk:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer IBM	`cpe:/a:ibm:rational_business_developer:-`	—
IBM Semeru Runtime 11.0.12.0-11.0.29.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0`	11.0.12.0-11.0.29.0
IBM Semeru Runtime 17.0.0.0-17.0.17.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0`	17.0.0.0-17.0.17.0
IBM Semeru Runtime 8.0.302.0-8.0.472.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0`	8.0.302.0-8.0.472.0
IBM App Connect Enterprise 12.0.1.0-12.0.12.22 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.22`	12.0.1.0-12.0.12.22
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Power Hardware Management Console IBM	`cpe:/a:ibm:hardware_management_console:-`	—
IBM Integration Bus for z/OS 10.1.0.0-10.1.0.6 IBM / Integration Bus	`cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.6::zos`	for z/OS 10.1.0.0-10.1.0.6
Oracle Java SE 25.0.1 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.1`	25.0.1
Oracle Java SE 8u471-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-perf`	8u471-perf
Oracle GraalVM for JDK 21.0.9 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_21.0.9`	for JDK 21.0.9
Oracle GraalVM for JDK 17.0.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_17.0.17`	for JDK 17.0.17
Oracle Java SE 8u471 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471`	8u471
IBM Semeru Runtime 21.0.0.0-21.0.9.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0`	21.0.0.0-21.0.9.0
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM Semeru Runtime 25.0.0.0-25.0.1.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0`	25.0.0.0-25.0.1.0
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
IBM TXSeries for Multiplatforms 11.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_11.1`	for Multiplatforms 11.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
Dell NetWorker NRE <17.0.4 Dell / NetWorker		NRE <17.0.4
IBM TXSeries for Multiplatforms 8.2 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.2`	for Multiplatforms 8.2
IBM TXSeries for Multiplatforms 9.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_9.1`	for Multiplatforms 9.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise 13.0.1.0-13.0.6.1 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.6.1`	13.0.1.0-13.0.6.1
Oracle Java SE 8u471-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-b50`	8u471-b50
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
Oracle Java SE 21.0.9 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.9`	21.0.9
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Oracle Java SE 17.0.17 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.17`	17.0.17
Dell NetWorker NRE <8.0.28 Dell / NetWorker		NRE <8.0.28
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16
Oracle Java SE 11.0.29 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.29`	11.0.29
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—

CVE-2026-21932

Affected products

Known affected 58 products

Product	Identifier	Version
IBM DataPower Gateway 10.6.0.0-10.6.0.8 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.0.0_-_10.6.0.8`	10.6.0.0-10.6.0.8
IBM DataPower Gateway 10.6.1.0-10.6.6.0 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.1.0_-_10.6.6.0`	10.6.1.0-10.6.6.0
IBM DataPower Gateway 10.5.0.0-10.5.0.20 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.5.0.0_-_10.5.0.20`	10.5.0.0-10.5.0.20
IBM TXSeries for Multiplatforms 10.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_10.1`	for Multiplatforms 10.1
Amazon Corretto <11.0.30.7.1 Amazon / Corretto		<11.0.30.7.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Tenable Security Nessus Network Monitor <6.5.3 Tenable Security / Nessus Network Monitor		<6.5.3
Amazon Corretto <8.482.08.1 Amazon / Corretto		<8.482.08.1
Dell Data Protection Advisor Dell	`cpe:/a:dell:data_protection_advisor:-`	—
IBM Sterling Connect:Direct IBM	`cpe:/a:ibm:sterling_connect%3adirect:-`	—
Oracle GraalVM Enterprise Edition 21.3.16 Oracle / GraalVM	`cpe:/a:oracle:graalvm:enterprise_edition_21.3.16`	Enterprise Edition 21.3.16
IBM Java SDK IBM	`cpe:/a:ibm:jdk:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer IBM	`cpe:/a:ibm:rational_business_developer:-`	—
IBM Semeru Runtime 11.0.12.0-11.0.29.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0`	11.0.12.0-11.0.29.0
IBM Semeru Runtime 17.0.0.0-17.0.17.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0`	17.0.0.0-17.0.17.0
IBM Semeru Runtime 8.0.302.0-8.0.472.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0`	8.0.302.0-8.0.472.0
IBM App Connect Enterprise 12.0.1.0-12.0.12.22 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.22`	12.0.1.0-12.0.12.22
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Power Hardware Management Console IBM	`cpe:/a:ibm:hardware_management_console:-`	—
IBM Integration Bus for z/OS 10.1.0.0-10.1.0.6 IBM / Integration Bus	`cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.6::zos`	for z/OS 10.1.0.0-10.1.0.6
Oracle Java SE 25.0.1 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.1`	25.0.1
Oracle Java SE 8u471-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-perf`	8u471-perf
Oracle GraalVM for JDK 21.0.9 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_21.0.9`	for JDK 21.0.9
Oracle GraalVM for JDK 17.0.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_17.0.17`	for JDK 17.0.17
Oracle Java SE 8u471 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471`	8u471
IBM Semeru Runtime 21.0.0.0-21.0.9.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0`	21.0.0.0-21.0.9.0
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM Semeru Runtime 25.0.0.0-25.0.1.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0`	25.0.0.0-25.0.1.0
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
IBM TXSeries for Multiplatforms 11.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_11.1`	for Multiplatforms 11.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
Dell NetWorker NRE <17.0.4 Dell / NetWorker		NRE <17.0.4
IBM TXSeries for Multiplatforms 8.2 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.2`	for Multiplatforms 8.2
IBM TXSeries for Multiplatforms 9.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_9.1`	for Multiplatforms 9.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise 13.0.1.0-13.0.6.1 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.6.1`	13.0.1.0-13.0.6.1
Oracle Java SE 8u471-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-b50`	8u471-b50
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
Oracle Java SE 21.0.9 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.9`	21.0.9
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Oracle Java SE 17.0.17 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.17`	17.0.17
Dell NetWorker NRE <8.0.28 Dell / NetWorker		NRE <8.0.28
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16
Oracle Java SE 11.0.29 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.29`	11.0.29
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—

CVE-2026-21933

Affected products

Known affected 58 products

Product	Identifier	Version
IBM DataPower Gateway 10.6.0.0-10.6.0.8 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.0.0_-_10.6.0.8`	10.6.0.0-10.6.0.8
IBM DataPower Gateway 10.6.1.0-10.6.6.0 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.1.0_-_10.6.6.0`	10.6.1.0-10.6.6.0
IBM DataPower Gateway 10.5.0.0-10.5.0.20 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.5.0.0_-_10.5.0.20`	10.5.0.0-10.5.0.20
IBM TXSeries for Multiplatforms 10.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_10.1`	for Multiplatforms 10.1
Amazon Corretto <11.0.30.7.1 Amazon / Corretto		<11.0.30.7.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Tenable Security Nessus Network Monitor <6.5.3 Tenable Security / Nessus Network Monitor		<6.5.3
Amazon Corretto <8.482.08.1 Amazon / Corretto		<8.482.08.1
Dell Data Protection Advisor Dell	`cpe:/a:dell:data_protection_advisor:-`	—
IBM Sterling Connect:Direct IBM	`cpe:/a:ibm:sterling_connect%3adirect:-`	—
Oracle GraalVM Enterprise Edition 21.3.16 Oracle / GraalVM	`cpe:/a:oracle:graalvm:enterprise_edition_21.3.16`	Enterprise Edition 21.3.16
IBM Java SDK IBM	`cpe:/a:ibm:jdk:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer IBM	`cpe:/a:ibm:rational_business_developer:-`	—
IBM Semeru Runtime 11.0.12.0-11.0.29.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0`	11.0.12.0-11.0.29.0
IBM Semeru Runtime 17.0.0.0-17.0.17.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0`	17.0.0.0-17.0.17.0
IBM Semeru Runtime 8.0.302.0-8.0.472.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0`	8.0.302.0-8.0.472.0
IBM App Connect Enterprise 12.0.1.0-12.0.12.22 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.22`	12.0.1.0-12.0.12.22
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Power Hardware Management Console IBM	`cpe:/a:ibm:hardware_management_console:-`	—
IBM Integration Bus for z/OS 10.1.0.0-10.1.0.6 IBM / Integration Bus	`cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.6::zos`	for z/OS 10.1.0.0-10.1.0.6
Oracle Java SE 25.0.1 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.1`	25.0.1
Oracle Java SE 8u471-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-perf`	8u471-perf
Oracle GraalVM for JDK 21.0.9 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_21.0.9`	for JDK 21.0.9
Oracle GraalVM for JDK 17.0.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_17.0.17`	for JDK 17.0.17
Oracle Java SE 8u471 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471`	8u471
IBM Semeru Runtime 21.0.0.0-21.0.9.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0`	21.0.0.0-21.0.9.0
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM Semeru Runtime 25.0.0.0-25.0.1.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0`	25.0.0.0-25.0.1.0
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
IBM TXSeries for Multiplatforms 11.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_11.1`	for Multiplatforms 11.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
Dell NetWorker NRE <17.0.4 Dell / NetWorker		NRE <17.0.4
IBM TXSeries for Multiplatforms 8.2 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.2`	for Multiplatforms 8.2
IBM TXSeries for Multiplatforms 9.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_9.1`	for Multiplatforms 9.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise 13.0.1.0-13.0.6.1 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.6.1`	13.0.1.0-13.0.6.1
Oracle Java SE 8u471-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-b50`	8u471-b50
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
Oracle Java SE 21.0.9 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.9`	21.0.9
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Oracle Java SE 17.0.17 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.17`	17.0.17
Dell NetWorker NRE <8.0.28 Dell / NetWorker		NRE <8.0.28
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16
Oracle Java SE 11.0.29 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.29`	11.0.29
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—

CVE-2026-21945

Affected products

Known affected 58 products

Product	Identifier	Version
IBM DataPower Gateway 10.6.0.0-10.6.0.8 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.0.0_-_10.6.0.8`	10.6.0.0-10.6.0.8
IBM DataPower Gateway 10.6.1.0-10.6.6.0 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.1.0_-_10.6.6.0`	10.6.1.0-10.6.6.0
IBM DataPower Gateway 10.5.0.0-10.5.0.20 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.5.0.0_-_10.5.0.20`	10.5.0.0-10.5.0.20
IBM TXSeries for Multiplatforms 10.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_10.1`	for Multiplatforms 10.1
Amazon Corretto <11.0.30.7.1 Amazon / Corretto		<11.0.30.7.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Tenable Security Nessus Network Monitor <6.5.3 Tenable Security / Nessus Network Monitor		<6.5.3
Amazon Corretto <8.482.08.1 Amazon / Corretto		<8.482.08.1
Dell Data Protection Advisor Dell	`cpe:/a:dell:data_protection_advisor:-`	—
IBM Sterling Connect:Direct IBM	`cpe:/a:ibm:sterling_connect%3adirect:-`	—
Oracle GraalVM Enterprise Edition 21.3.16 Oracle / GraalVM	`cpe:/a:oracle:graalvm:enterprise_edition_21.3.16`	Enterprise Edition 21.3.16
IBM Java SDK IBM	`cpe:/a:ibm:jdk:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer IBM	`cpe:/a:ibm:rational_business_developer:-`	—
IBM Semeru Runtime 11.0.12.0-11.0.29.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0`	11.0.12.0-11.0.29.0
IBM Semeru Runtime 17.0.0.0-17.0.17.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0`	17.0.0.0-17.0.17.0
IBM Semeru Runtime 8.0.302.0-8.0.472.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0`	8.0.302.0-8.0.472.0
IBM App Connect Enterprise 12.0.1.0-12.0.12.22 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.22`	12.0.1.0-12.0.12.22
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Power Hardware Management Console IBM	`cpe:/a:ibm:hardware_management_console:-`	—
IBM Integration Bus for z/OS 10.1.0.0-10.1.0.6 IBM / Integration Bus	`cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.6::zos`	for z/OS 10.1.0.0-10.1.0.6
Oracle Java SE 25.0.1 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.1`	25.0.1
Oracle Java SE 8u471-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-perf`	8u471-perf
Oracle GraalVM for JDK 21.0.9 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_21.0.9`	for JDK 21.0.9
Oracle GraalVM for JDK 17.0.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_17.0.17`	for JDK 17.0.17
Oracle Java SE 8u471 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471`	8u471
IBM Semeru Runtime 21.0.0.0-21.0.9.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0`	21.0.0.0-21.0.9.0
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM Semeru Runtime 25.0.0.0-25.0.1.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0`	25.0.0.0-25.0.1.0
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
IBM TXSeries for Multiplatforms 11.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_11.1`	for Multiplatforms 11.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
Dell NetWorker NRE <17.0.4 Dell / NetWorker		NRE <17.0.4
IBM TXSeries for Multiplatforms 8.2 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.2`	for Multiplatforms 8.2
IBM TXSeries for Multiplatforms 9.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_9.1`	for Multiplatforms 9.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise 13.0.1.0-13.0.6.1 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.6.1`	13.0.1.0-13.0.6.1
Oracle Java SE 8u471-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-b50`	8u471-b50
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
Oracle Java SE 21.0.9 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.9`	21.0.9
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Oracle Java SE 17.0.17 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.17`	17.0.17
Dell NetWorker NRE <8.0.28 Dell / NetWorker		NRE <8.0.28
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16
Oracle Java SE 11.0.29 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.29`	11.0.29
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—

CVE-2026-21947

Affected products

Known affected 58 products

Product	Identifier	Version
IBM DataPower Gateway 10.6.0.0-10.6.0.8 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.0.0_-_10.6.0.8`	10.6.0.0-10.6.0.8
IBM DataPower Gateway 10.6.1.0-10.6.6.0 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.6.1.0_-_10.6.6.0`	10.6.1.0-10.6.6.0
IBM DataPower Gateway 10.5.0.0-10.5.0.20 IBM / DataPower Gateway	`cpe:/a:ibm:datapower_gateway:10.5.0.0_-_10.5.0.20`	10.5.0.0-10.5.0.20
IBM TXSeries for Multiplatforms 10.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_10.1`	for Multiplatforms 10.1
Amazon Corretto <11.0.30.7.1 Amazon / Corretto		<11.0.30.7.1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Tenable Security Nessus Network Monitor <6.5.3 Tenable Security / Nessus Network Monitor		<6.5.3
Amazon Corretto <8.482.08.1 Amazon / Corretto		<8.482.08.1
Dell Data Protection Advisor Dell	`cpe:/a:dell:data_protection_advisor:-`	—
IBM Sterling Connect:Direct IBM	`cpe:/a:ibm:sterling_connect%3adirect:-`	—
Oracle GraalVM Enterprise Edition 21.3.16 Oracle / GraalVM	`cpe:/a:oracle:graalvm:enterprise_edition_21.3.16`	Enterprise Edition 21.3.16
IBM Java SDK IBM	`cpe:/a:ibm:jdk:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer IBM	`cpe:/a:ibm:rational_business_developer:-`	—
IBM Semeru Runtime 11.0.12.0-11.0.29.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0`	11.0.12.0-11.0.29.0
IBM Semeru Runtime 17.0.0.0-17.0.17.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0`	17.0.0.0-17.0.17.0
IBM Semeru Runtime 8.0.302.0-8.0.472.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0`	8.0.302.0-8.0.472.0
IBM App Connect Enterprise 12.0.1.0-12.0.12.22 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.22`	12.0.1.0-12.0.12.22
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Power Hardware Management Console IBM	`cpe:/a:ibm:hardware_management_console:-`	—
IBM Integration Bus for z/OS 10.1.0.0-10.1.0.6 IBM / Integration Bus	`cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.6::zos`	for z/OS 10.1.0.0-10.1.0.6
Oracle Java SE 25.0.1 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.1`	25.0.1
Oracle Java SE 8u471-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-perf`	8u471-perf
Oracle GraalVM for JDK 21.0.9 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_21.0.9`	for JDK 21.0.9
Oracle GraalVM for JDK 17.0.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:for_jdk_17.0.17`	for JDK 17.0.17
Oracle Java SE 8u471 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471`	8u471
IBM Semeru Runtime 21.0.0.0-21.0.9.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0`	21.0.0.0-21.0.9.0
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM Semeru Runtime 25.0.0.0-25.0.1.0 IBM / Semeru Runtime	`cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0`	25.0.0.0-25.0.1.0
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
IBM TXSeries for Multiplatforms 11.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_11.1`	for Multiplatforms 11.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
Dell NetWorker NRE <17.0.4 Dell / NetWorker		NRE <17.0.4
IBM TXSeries for Multiplatforms 8.2 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.2`	for Multiplatforms 8.2
IBM TXSeries for Multiplatforms 9.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_9.1`	for Multiplatforms 9.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise 13.0.1.0-13.0.6.1 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.6.1`	13.0.1.0-13.0.6.1
Oracle Java SE 8u471-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u471-b50`	8u471-b50
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
Oracle Java SE 21.0.9 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.9`	21.0.9
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Oracle Java SE 17.0.17 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.17`	17.0.17
Dell NetWorker NRE <8.0.28 Dell / NetWorker		NRE <8.0.28
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16
Oracle Java SE 11.0.29 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.29`	11.0.29
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—

References

98 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpujan2026…	external
https://github.com/corretto/corretto-8/blob/8.482…	external
https://github.com/corretto/corretto-11/blob/11.0…	external
https://docs.azul.com/core/pdfs/january-2026/azul…	external
https://access.redhat.com/errata/RHSA-2026:0848	external
https://access.redhat.com/errata/RHSA-2026:0927	external
https://access.redhat.com/errata/RHSA-2026:0849	external
https://access.redhat.com/errata/RHSA-2026:0847	external
https://linux.oracle.com/errata/ELSA-2026-0927.html	external
https://access.redhat.com/errata/RHSA-2026:0928	external
https://errata.build.resf.org/RLSA-2026:0927	external
https://errata.build.resf.org/RLSA-2026:0928	external
https://lists.debian.org/debian-security-announce…	external
http://linux.oracle.com/errata/ELSA-2026-0928.html	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://access.redhat.com/errata/RHSA-2026:0932	external
https://access.redhat.com/errata/RHSA-2026:0898	external
https://access.redhat.com/errata/RHSA-2026:0897	external
https://lists.debian.org/debian-security-announce…	external
https://access.redhat.com/errata/RHSA-2026:0900	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://access.redhat.com/errata/RHSA-2026:0899	external
https://access.redhat.com/errata/RHSA-2026:0901	external
https://access.redhat.com/errata/RHSA-2026:0896	external
https://access.redhat.com/errata/RHSA-2026:0931	external
https://access.redhat.com/errata/RHSA-2026:0895	external
https://access.redhat.com/errata/RHSA-2026:0933	external
https://errata.build.resf.org/RLSA-2026:0932	external
https://www.ibm.com/support/pages/node/7258042	external
https://www.ibm.com/support/pages/node/7258025	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://de.tenable.com/security/tns-2026-02	external
https://linux.oracle.com/errata/ELSA-2026-0932.html	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/7259422	external
https://access.redhat.com/errata/RHSA-2026:1606	external
https://ubuntu.com/security/notices/USN-8003-1	external
https://ubuntu.com/security/notices/USN-8002-1	external
https://ubuntu.com/security/notices/USN-8001-1	external
https://ubuntu.com/security/notices/USN-8000-1	external
https://ubuntu.com/security/notices/USN-7995-1	external
https://ubuntu.com/security/notices/USN-7996-1	external
https://ubuntu.com/security/notices/USN-7997-1	external
https://ubuntu.com/security/notices/USN-7998-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.debian.org/debian-security-announce…	external
https://alas.aws.amazon.com/AL2/ALAS2CORRETTO8-20…	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3140.html	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3139.html	external
https://linux.oracle.com/errata/ELSA-2026-0931.html	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://errata.build.resf.org/RLSA-2026:0933	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/7261060	external
https://www.hitachi.com/products/it/software/secu…	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3154.html	external
https://www.ibm.com/support/pages/node/7261527	external
https://www.ibm.com/support/pages/node/7261783	external
https://www.ibm.com/support/pages/node/7261965	external
https://www.ibm.com/support/pages/node/7262441	external
https://www.dell.com/support/kbdoc/000435907	external
https://www.ibm.com/support/pages/node/7262386	external
https://www.ibm.com/support/pages/node/7262890	external
https://access.redhat.com/errata/RHSA-2026:4832	external
https://www.dell.com/support/kbdoc/de-de/00044324…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/7268144	external
https://www.ibm.com/support/pages/node/7268629	external
https://www.ibm.com/support/pages/node/7259431	external
https://www.ibm.com/support/pages/node/7268732	external
https://www.dell.com/support/kbdoc/000450565	external
https://www.ibm.com/support/pages/node/7272388	external
https://www.ibm.com/support/pages/node/7271934	external
https://www.ibm.com/support/pages/node/7269378	external
https://www.dell.com/support/kbdoc/en-us/00046211…	external
https://www.ibm.com/support/pages/node/7273145	external
https://www.ibm.com/support/pages/node/7273545	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0164 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0164.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0164 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0164"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - January 2026 - Appendix Oracle Java SE vom 2026-01-20",
        "url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
      },
      {
        "category": "external",
        "summary": "Change Log for Amazon Corretto 8 vom 2026-01-20",
        "url": "https://github.com/corretto/corretto-8/blob/8.482.08.1/CHANGELOG.md"
      },
      {
        "category": "external",
        "summary": "Change Log for Amazon Corretto 11 vom 2026-01-20",
        "url": "https://github.com/corretto/corretto-11/blob/11.0.30.7.1/CHANGELOG.md"
      },
      {
        "category": "external",
        "summary": "Azul Zulu builds of OpenJDK - January 2026 Quarterly Update",
        "url": "https://docs.azul.com/core/pdfs/january-2026/azul-zulu-ca-release-notes-january-2026-rev1.0.pdf"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0848 vom 2026-01-21",
        "url": "https://access.redhat.com/errata/RHSA-2026:0848"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0927 vom 2026-01-22",
        "url": "https://access.redhat.com/errata/RHSA-2026:0927"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0849 vom 2026-01-21",
        "url": "https://access.redhat.com/errata/RHSA-2026:0849"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0847 vom 2026-01-21",
        "url": "https://access.redhat.com/errata/RHSA-2026:0847"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-0927 vom 2026-01-22",
        "url": "https://linux.oracle.com/errata/ELSA-2026-0927.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0928 vom 2026-01-22",
        "url": "https://access.redhat.com/errata/RHSA-2026:0928"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:0927 vom 2026-01-23",
        "url": "https://errata.build.resf.org/RLSA-2026:0927"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:0928 vom 2026-01-23",
        "url": "https://errata.build.resf.org/RLSA-2026:0928"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6110 vom 2026-01-25",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00019.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-0928 vom 2026-01-23",
        "url": "http://linux.oracle.com/errata/ELSA-2026-0928.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4457 vom 2026-01-26",
        "url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00029.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0932 vom 2026-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:0932"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0898 vom 2026-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:0898"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0897 vom 2026-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:0897"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6112 vom 2026-01-27",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00021.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0900 vom 2026-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:0900"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4456 vom 2026-01-26",
        "url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00028.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0899 vom 2026-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:0899"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0901 vom 2026-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:0901"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0896 vom 2026-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:0896"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0931 vom 2026-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:0931"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0895 vom 2026-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:0895"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0933 vom 2026-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:0933"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:0932 vom 2026-01-27",
        "url": "https://errata.build.resf.org/RLSA-2026:0932"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7258042 vom 2026-01-26",
        "url": "https://www.ibm.com/support/pages/node/7258042"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7258025 vom 2026-01-26",
        "url": "https://www.ibm.com/support/pages/node/7258025"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10093-1 vom 2026-01-27",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DYXZQCWXWQDRW4DHVAGCG2J73SA27W5O/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10091-1 vom 2026-01-27",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CGS2RS52V5KQQQCEGK24MAXSHABJIWTF/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10092-1 vom 2026-01-27",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IWJT2INRPEEFPSE2YAYZEKLRS6UQUNF5/"
      },
      {
        "category": "external",
        "summary": "Tenable Security Advisory TNS-2026-02 vom 2026-01-27",
        "url": "https://de.tenable.com/security/tns-2026-02"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-0932 vom 2026-01-27",
        "url": "https://linux.oracle.com/errata/ELSA-2026-0932.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10108-1 vom 2026-01-29",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S7CDPZVRFL4SBFCJW4WIXCZCXZRWVTTN/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0342-1 vom 2026-01-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023990.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0341-1 vom 2026-01-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023991.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7259422 vom 2026-02-02",
        "url": "https://www.ibm.com/support/pages/node/7259422"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:1606 vom 2026-02-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:1606"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8003-1 vom 2026-02-03",
        "url": "https://ubuntu.com/security/notices/USN-8003-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8002-1 vom 2026-02-03",
        "url": "https://ubuntu.com/security/notices/USN-8002-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8001-1 vom 2026-02-03",
        "url": "https://ubuntu.com/security/notices/USN-8001-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8000-1 vom 2026-02-03",
        "url": "https://ubuntu.com/security/notices/USN-8000-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7995-1 vom 2026-02-03",
        "url": "https://ubuntu.com/security/notices/USN-7995-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7996-1 vom 2026-02-03",
        "url": "https://ubuntu.com/security/notices/USN-7996-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7997-1 vom 2026-02-03",
        "url": "https://ubuntu.com/security/notices/USN-7997-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7998-1 vom 2026-02-03",
        "url": "https://ubuntu.com/security/notices/USN-7998-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20190-1 vom 2026-02-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024026.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20199-1 vom 2026-02-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024020.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0363-1 vom 2026-02-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024035.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20134-1 vom 2026-02-03",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6HBUYV33ZTE6ADPCQZM6HMW2XG7WQETD/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10134-1 vom 2026-02-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4Z3UR6PG63OYY7IV4AAM2MZ4DMWZEWHO/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10136-1 vom 2026-02-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6MZSBZI33V52BT5HAQ2MZPR3L3M5D7EB/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10133-1 vom 2026-02-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ISR24KNJXAKOAXEUS5RCDFFCRLEKUVXP/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10135-1 vom 2026-02-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KZ5K6IBQB2ADSD26EDHXRFXMJK6DGJSD/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10137-1 vom 2026-02-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZDLTBTE6W5WTWIKXD72QA22655BXNXO4/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0382-1 vom 2026-02-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024059.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20215-1 vom 2026-02-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024071.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0389-1 vom 2026-02-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024078.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0390-1 vom 2026-02-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024077.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6119 vom 2026-02-05",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00028.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2CORRETTO8-2026-022 vom 2026-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2CORRETTO8-2026-022.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3140 vom 2026-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3140.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3139 vom 2026-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3139.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-0931 vom 2026-02-10",
        "url": "https://linux.oracle.com/errata/ELSA-2026-0931.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0415-1 vom 2026-02-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024087.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0414-1 vom 2026-02-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024088.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0441-1 vom 2026-02-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024107.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:0933 vom 2026-02-13",
        "url": "https://errata.build.resf.org/RLSA-2026:0933"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10204-1 vom 2026-02-15",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5R4OVWJW7F4TAFLPAQY7LX4HQCY7BJCU/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0504-1 vom 2026-02-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024244.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7261060 vom 2026-02-17",
        "url": "https://www.ibm.com/support/pages/node/7261060"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2026-102 vom 2026-02-18",
        "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-102/index.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3154 vom 2026-02-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3154.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7261527 vom 2026-02-23",
        "url": "https://www.ibm.com/support/pages/node/7261527"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7261783 vom 2026-02-25",
        "url": "https://www.ibm.com/support/pages/node/7261783"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7261965 vom 2026-02-26",
        "url": "https://www.ibm.com/support/pages/node/7261965"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7262441 vom 2026-03-03",
        "url": "https://www.ibm.com/support/pages/node/7262441"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2026-101 vom 2026-03-07",
        "url": "https://www.dell.com/support/kbdoc/000435907"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7262386 vom 2026-03-06",
        "url": "https://www.ibm.com/support/pages/node/7262386"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7262890 vom 2026-03-09",
        "url": "https://www.ibm.com/support/pages/node/7262890"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:4832 vom 2026-03-17",
        "url": "https://access.redhat.com/errata/RHSA-2026:4832"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
        "url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1150-1 vom 2026-03-31",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025065.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7268144 vom 2026-03-31",
        "url": "https://www.ibm.com/support/pages/node/7268144"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7268629 vom 2026-04-06",
        "url": "https://www.ibm.com/support/pages/node/7268629"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7259431 vom 2026-02-02",
        "url": "https://www.ibm.com/support/pages/node/7259431"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7268732 vom 2026-04-09",
        "url": "https://www.ibm.com/support/pages/node/7268732"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2026-174 vom 2026-04-10",
        "url": "https://www.dell.com/support/kbdoc/000450565"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7272388 vom 2026-05-07",
        "url": "https://www.ibm.com/support/pages/node/7272388"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7271934 vom 2026-05-07",
        "url": "https://www.ibm.com/support/pages/node/7271934"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7269378 vom 2026-05-07",
        "url": "https://www.ibm.com/support/pages/node/7269378"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory",
        "url": "https://www.dell.com/support/kbdoc/en-us/000462117/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities-1"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7273145 vom 2026-05-15",
        "url": "https://www.ibm.com/support/pages/node/7273145"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7273545 vom 2026-05-20",
        "url": "https://www.ibm.com/support/pages/node/7273545"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Java SE: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-20T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-21T07:58:03.095+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-0164",
      "initial_release_date": "2026-01-20T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-20T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-01-21T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-01-22T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2026-01-25T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-01-26T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian, Red Hat, Rocky Enterprise Software Foundation und IBM aufgenommen"
        },
        {
          "date": "2026-01-27T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von openSUSE, Tenable und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-01-29T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von openSUSE und SUSE aufgenommen"
        },
        {
          "date": "2026-02-02T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM, Red Hat und Ubuntu aufgenommen"
        },
        {
          "date": "2026-02-03T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE und openSUSE aufgenommen"
        },
        {
          "date": "2026-02-04T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von openSUSE und SUSE aufgenommen"
        },
        {
          "date": "2026-02-05T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE, Debian und Amazon aufgenommen"
        },
        {
          "date": "2026-02-09T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2026-02-10T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-02-11T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-02-12T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-02-15T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von openSUSE und SUSE aufgenommen"
        },
        {
          "date": "2026-02-17T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-02-18T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2026-02-22T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-02-25T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-02-26T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2026-03-03T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-03-08T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Dell und IBM aufgenommen"
        },
        {
          "date": "2026-03-09T23:00:00.000+00:00",
          "number": "24",
          "summary": "Referenz(en) aufgenommen: 7262942"
        },
        {
          "date": "2026-03-17T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-03-23T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2026-03-30T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-31T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-04-06T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-04-08T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2026-04-09T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von IBM und Dell aufgenommen"
        },
        {
          "date": "2026-05-07T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-05-11T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2026-05-17T22:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-05-20T22:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "35"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.482.08.1",
                "product": {
                  "name": "Amazon Corretto \u003c8.482.08.1",
                  "product_id": "T050211"
                }
              },
              {
                "category": "product_version",
                "name": "8.482.08.1",
                "product": {
                  "name": "Amazon Corretto 8.482.08.1",
                  "product_id": "T050211-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:amazon:corretto:8.482.08.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.30.7.1",
                "product": {
                  "name": "Amazon Corretto \u003c11.0.30.7.1",
                  "product_id": "T050212"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.30.7.1",
                "product": {
                  "name": "Amazon Corretto 11.0.30.7.1",
                  "product_id": "T050212-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:amazon:corretto:11.0.30.7.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Corretto"
          },
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Azul Zulu",
            "product": {
              "name": "Azul Zulu",
              "product_id": "T036273",
              "product_identification_helper": {
                "cpe": "cpe:/a:azul:zulu:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Azul"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell Data Protection Advisor",
            "product": {
              "name": "Dell Data Protection Advisor",
              "product_id": "T021498",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:data_protection_advisor:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.8.1.0-3.8.1.7",
                "product": {
                  "name": "Dell ECS 3.8.1.0-3.8.1.7",
                  "product_id": "T053778",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ECS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "NRE \u003c8.0.28",
                "product": {
                  "name": "Dell NetWorker NRE \u003c8.0.28",
                  "product_id": "T051479"
                }
              },
              {
                "category": "product_version",
                "name": "NRE 8.0.28",
                "product": {
                  "name": "Dell NetWorker NRE 8.0.28",
                  "product_id": "T051479-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:nre__8.0.28"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "NRE \u003c17.0.4",
                "product": {
                  "name": "Dell NetWorker NRE \u003c17.0.4",
                  "product_id": "T051480"
                }
              },
              {
                "category": "product_version",
                "name": "NRE 17.0.4",
                "product": {
                  "name": "Dell NetWorker NRE 17.0.4",
                  "product_id": "T051480-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:nre__17.0.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.34.00.16",
                "product": {
                  "name": "Dell Secure Connect Gateway \u003c5.34.00.16",
                  "product_id": "T052048"
                }
              },
              {
                "category": "product_version",
                "name": "5.34.00.16",
                "product": {
                  "name": "Dell Secure Connect Gateway 5.34.00.16",
                  "product_id": "T052048-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Secure Connect Gateway"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Hitachi Command Suite",
            "product": {
              "name": "Hitachi Command Suite",
              "product_id": "T038839",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:command_suite:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Configuration Manager",
            "product": {
              "name": "Hitachi Configuration Manager",
              "product_id": "T020304",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:configuration_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Ops Center",
            "product": {
              "name": "Hitachi Ops Center",
              "product_id": "T017562",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:ops_center:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM App Connect Enterprise",
                "product": {
                  "name": "IBM App Connect Enterprise",
                  "product_id": "T032495",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "13.0.1.0-13.0.6.1",
                "product": {
                  "name": "IBM App Connect Enterprise 13.0.1.0-13.0.6.1",
                  "product_id": "T051289",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.6.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.0.1.0-12.0.12.22",
                "product": {
                  "name": "IBM App Connect Enterprise 12.0.1.0-12.0.12.22",
                  "product_id": "T051290",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.22"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "App Connect Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10.5.0.0-10.5.0.20",
                "product": {
                  "name": "IBM DataPower Gateway 10.5.0.0-10.5.0.20",
                  "product_id": "T052394",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:datapower_gateway:10.5.0.0_-_10.5.0.20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.6.0.0-10.6.0.8",
                "product": {
                  "name": "IBM DataPower Gateway 10.6.0.0-10.6.0.8",
                  "product_id": "T052395",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:datapower_gateway:10.6.0.0_-_10.6.0.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.6.1.0-10.6.6.0",
                "product": {
                  "name": "IBM DataPower Gateway 10.6.1.0-10.6.6.0",
                  "product_id": "T052396",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:datapower_gateway:10.6.1.0_-_10.6.6.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DataPower Gateway"
          },
          {
            "category": "product_name",
            "name": "IBM InfoSphere Information Server",
            "product": {
              "name": "IBM InfoSphere Information Server",
              "product_id": "T035705",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:infosphere_information_server:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "for z/OS \t10.1.0.0-10.1.0.6",
                "product": {
                  "name": "IBM Integration Bus for z/OS \t10.1.0.0-10.1.0.6",
                  "product_id": "T051291",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.6::zos"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Integration Bus"
          },
          {
            "category": "product_name",
            "name": "IBM Java SDK",
            "product": {
              "name": "IBM Java SDK",
              "product_id": "10695",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:jdk:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM MQ",
            "product": {
              "name": "IBM MQ",
              "product_id": "T021398",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:mq:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Power Hardware Management Console",
            "product": {
              "name": "IBM Power Hardware Management Console",
              "product_id": "5114",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:hardware_management_console:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Rational Business Developer",
            "product": {
              "name": "IBM Rational Business Developer",
              "product_id": "T025611",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:rational_business_developer:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.0.302.0-8.0.472.0",
                "product": {
                  "name": "IBM Semeru Runtime 8.0.302.0-8.0.472.0",
                  "product_id": "T052581",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.0.12.0-11.0.29.0",
                "product": {
                  "name": "IBM Semeru Runtime 11.0.12.0-11.0.29.0",
                  "product_id": "T052582",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "17.0.0.0-17.0.17.0",
                "product": {
                  "name": "IBM Semeru Runtime 17.0.0.0-17.0.17.0",
                  "product_id": "T052583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "21.0.0.0-21.0.9.0",
                "product": {
                  "name": "IBM Semeru Runtime 21.0.0.0-21.0.9.0",
                  "product_id": "T052584",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "25.0.0.0-25.0.1.0",
                "product": {
                  "name": "IBM Semeru Runtime 25.0.0.0-25.0.1.0",
                  "product_id": "T052585",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Semeru Runtime"
          },
          {
            "category": "product_name",
            "name": "IBM Sterling Connect:Direct",
            "product": {
              "name": "IBM Sterling Connect:Direct",
              "product_id": "T045428",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:sterling_connect%3adirect:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "for Multiplatforms 9.1",
                "product": {
                  "name": "IBM TXSeries for Multiplatforms 9.1",
                  "product_id": "T015903",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:txseries:for_multiplatforms_9.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for Multiplatforms 8.2",
                "product": {
                  "name": "IBM TXSeries for Multiplatforms 8.2",
                  "product_id": "T015904",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for Multiplatforms 10.1",
                "product": {
                  "name": "IBM TXSeries for Multiplatforms 10.1",
                  "product_id": "T037951",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:txseries:for_multiplatforms_10.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for Multiplatforms 11.1",
                "product": {
                  "name": "IBM TXSeries for Multiplatforms 11.1",
                  "product_id": "T043237",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:txseries:for_multiplatforms_11.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "TXSeries"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.2.0",
                "product": {
                  "name": "IBM Tivoli Business Service Manager 6.2.0",
                  "product_id": "T014092",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Business Service Manager"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.3.0.7",
                "product": {
                  "name": "IBM Tivoli Monitoring 6.3.0.7",
                  "product_id": "342008",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_monitoring:6.3.0.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Monitoring"
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Netcool/OMNIbus",
            "product": {
              "name": "IBM Tivoli Netcool/OMNIbus",
              "product_id": "T004181",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM WebSphere Application Server",
            "product": {
              "name": "IBM WebSphere Application Server",
              "product_id": "T000377",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:websphere_application_server:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM WebSphere Service Registry and Repository",
            "product": {
              "name": "IBM WebSphere Service Registry and Repository",
              "product_id": "T048917",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source OpenJDK",
            "product": {
              "name": "Open Source OpenJDK",
              "product_id": "580789",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:openjdk:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "for JDK 17.0.17",
                "product": {
                  "name": "Oracle GraalVM for JDK 17.0.17",
                  "product_id": "T050203",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:graalvm:for_jdk_17.0.17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for JDK 21.0.9",
                "product": {
                  "name": "Oracle GraalVM for JDK 21.0.9",
                  "product_id": "T050204",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:graalvm:for_jdk_21.0.9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise Edition 21.3.16",
                "product": {
                  "name": "Oracle GraalVM Enterprise Edition 21.3.16",
                  "product_id": "T050205",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:graalvm:enterprise_edition_21.3.16"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GraalVM"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.0.29",
                "product": {
                  "name": "Oracle Java SE 11.0.29",
                  "product_id": "T050145",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:11.0.29"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "17.0.17",
                "product": {
                  "name": "Oracle Java SE 17.0.17",
                  "product_id": "T050146",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:17.0.17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "21.0.9",
                "product": {
                  "name": "Oracle Java SE 21.0.9",
                  "product_id": "T050147",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:21.0.9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u471-b50",
                "product": {
                  "name": "Oracle Java SE 8u471-b50",
                  "product_id": "T050199",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u471-b50"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u471",
                "product": {
                  "name": "Oracle Java SE 8u471",
                  "product_id": "T050200",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u471"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u471-perf",
                "product": {
                  "name": "Oracle Java SE 8u471-perf",
                  "product_id": "T050201",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u471-perf"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "25.0.1",
                "product": {
                  "name": "Oracle Java SE 25.0.1",
                  "product_id": "T050202",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:25.0.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java SE"
          },
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.5.3",
                "product": {
                  "name": "Tenable Security Nessus Network Monitor \u003c6.5.3",
                  "product_id": "T050330"
                }
              },
              {
                "category": "product_version",
                "name": "6.5.3",
                "product": {
                  "name": "Tenable Security Nessus Network Monitor 6.5.3",
                  "product_id": "T050330-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:tenable:nessus_network_monitor:6.5.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Nessus Network Monitor"
          }
        ],
        "category": "vendor",
        "name": "Tenable Security"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-12183",
      "product_status": {
        "known_affected": [
          "T052395",
          "T052396",
          "T052394",
          "T037951",
          "T050212",
          "T004914",
          "T050330",
          "T050211",
          "T021498",
          "T045428",
          "T050205",
          "10695",
          "398363",
          "T025611",
          "T052582",
          "T052583",
          "T052581",
          "T051290",
          "T035705",
          "5114",
          "T051291",
          "T050202",
          "T050201",
          "T050204",
          "T050203",
          "T050200",
          "T052584",
          "T017562",
          "T052585",
          "T036273",
          "T043237",
          "2951",
          "T002207",
          "T027843",
          "T004181",
          "T051480",
          "T015904",
          "T015903",
          "67646",
          "T051289",
          "T050199",
          "T014092",
          "T048917",
          "T020304",
          "T000377",
          "342008",
          "T021398",
          "T038839",
          "T050147",
          "T053778",
          "T050146",
          "T051479",
          "T032255",
          "T052048",
          "T050145",
          "T032495",
          "T000126",
          "580789"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-12183"
    },
    {
      "cve": "CVE-2025-43368",
      "product_status": {
        "known_affected": [
          "T052395",
          "T052396",
          "T052394",
          "T037951",
          "T050212",
          "T004914",
          "T050330",
          "T050211",
          "T021498",
          "T045428",
          "T050205",
          "10695",
          "398363",
          "T025611",
          "T052582",
          "T052583",
          "T052581",
          "T051290",
          "T035705",
          "5114",
          "T051291",
          "T050202",
          "T050201",
          "T050204",
          "T050203",
          "T050200",
          "T052584",
          "T017562",
          "T052585",
          "T036273",
          "T043237",
          "2951",
          "T002207",
          "T027843",
          "T004181",
          "T051480",
          "T015904",
          "T015903",
          "67646",
          "T051289",
          "T050199",
          "T014092",
          "T048917",
          "T020304",
          "T000377",
          "342008",
          "T021398",
          "T038839",
          "T050147",
          "T053778",
          "T050146",
          "T051479",
          "T032255",
          "T052048",
          "T050145",
          "T032495",
          "T000126",
          "580789"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-43368"
    },
    {
      "cve": "CVE-2025-47219",
      "product_status": {
        "known_affected": [
          "T052395",
          "T052396",
          "T052394",
          "T037951",
          "T050212",
          "T004914",
          "T050330",
          "T050211",
          "T021498",
          "T045428",
          "T050205",
          "10695",
          "398363",
          "T025611",
          "T052582",
          "T052583",
          "T052581",
          "T051290",
          "T035705",
          "5114",
          "T051291",
          "T050202",
          "T050201",
          "T050204",
          "T050203",
          "T050200",
          "T052584",
          "T017562",
          "T052585",
          "T036273",
          "T043237",
          "2951",
          "T002207",
          "T027843",
          "T004181",
          "T051480",
          "T015904",
          "T015903",
          "67646",
          "T051289",
          "T050199",
          "T014092",
          "T048917",
          "T020304",
          "T000377",
          "342008",
          "T021398",
          "T038839",
          "T050147",
          "T053778",
          "T050146",
          "T051479",
          "T032255",
          "T052048",
          "T050145",
          "T032495",
          "T000126",
          "580789"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-47219"
    },
    {
      "cve": "CVE-2025-6021",
      "product_status": {
        "known_affected": [
          "T052395",
          "T052396",
          "T052394",
          "T037951",
          "T050212",
          "T004914",
          "T050330",
          "T050211",
          "T021498",
          "T045428",
          "T050205",
          "10695",
          "398363",
          "T025611",
          "T052582",
          "T052583",
          "T052581",
          "T051290",
          "T035705",
          "5114",
          "T051291",
          "T050202",
          "T050201",
          "T050204",
          "T050203",
          "T050200",
          "T052584",
          "T017562",
          "T052585",
          "T036273",
          "T043237",
          "2951",
          "T002207",
          "T027843",
          "T004181",
          "T051480",
          "T015904",
          "T015903",
          "67646",
          "T051289",
          "T050199",
          "T014092",
          "T048917",
          "T020304",
          "T000377",
          "342008",
          "T021398",
          "T038839",
          "T050147",
          "T053778",
          "T050146",
          "T051479",
          "T032255",
          "T052048",
          "T050145",
          "T032495",
          "T000126",
          "580789"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-6021"
    },
    {
      "cve": "CVE-2025-6052",
      "product_status": {
        "known_affected": [
          "T052395",
          "T052396",
          "T052394",
          "T037951",
          "T050212",
          "T004914",
          "T050330",
          "T050211",
          "T021498",
          "T045428",
          "T050205",
          "10695",
          "398363",
          "T025611",
          "T052582",
          "T052583",
          "T052581",
          "T051290",
          "T035705",
          "5114",
          "T051291",
          "T050202",
          "T050201",
          "T050204",
          "T050203",
          "T050200",
          "T052584",
          "T017562",
          "T052585",
          "T036273",
          "T043237",
          "2951",
          "T002207",
          "T027843",
          "T004181",
          "T051480",
          "T015904",
          "T015903",
          "67646",
          "T051289",
          "T050199",
          "T014092",
          "T048917",
          "T020304",
          "T000377",
          "342008",
          "T021398",
          "T038839",
          "T050147",
          "T053778",
          "T050146",
          "T051479",
          "T032255",
          "T052048",
          "T050145",
          "T032495",
          "T000126",
          "580789"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-6052"
    },
    {
      "cve": "CVE-2025-7425",
      "product_status": {
        "known_affected": [
          "T052395",
          "T052396",
          "T052394",
          "T037951",
          "T050212",
          "T004914",
          "T050330",
          "T050211",
          "T021498",
          "T045428",
          "T050205",
          "10695",
          "398363",
          "T025611",
          "T052582",
          "T052583",
          "T052581",
          "T051290",
          "T035705",
          "5114",
          "T051291",
          "T050202",
          "T050201",
          "T050204",
          "T050203",
          "T050200",
          "T052584",
          "T017562",
          "T052585",
          "T036273",
          "T043237",
          "2951",
          "T002207",
          "T027843",
          "T004181",
          "T051480",
          "T015904",
          "T015903",
          "67646",
          "T051289",
          "T050199",
          "T014092",
          "T048917",
          "T020304",
          "T000377",
          "342008",
          "T021398",
          "T038839",
          "T050147",
          "T053778",
          "T050146",
          "T051479",
          "T032255",
          "T052048",
          "T050145",
          "T032495",
          "T000126",
          "580789"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-7425"
    },
    {
      "cve": "CVE-2026-21925",
      "product_status": {
        "known_affected": [
          "T052395",
          "T052396",
          "T052394",
          "T037951",
          "T050212",
          "T004914",
          "T050330",
          "T050211",
          "T021498",
          "T045428",
          "T050205",
          "10695",
          "398363",
          "T025611",
          "T052582",
          "T052583",
          "T052581",
          "T051290",
          "T035705",
          "5114",
          "T051291",
          "T050202",
          "T050201",
          "T050204",
          "T050203",
          "T050200",
          "T052584",
          "T017562",
          "T052585",
          "T036273",
          "T043237",
          "2951",
          "T002207",
          "T027843",
          "T004181",
          "T051480",
          "T015904",
          "T015903",
          "67646",
          "T051289",
          "T050199",
          "T014092",
          "T048917",
          "T020304",
          "T000377",
          "342008",
          "T021398",
          "T038839",
          "T050147",
          "T053778",
          "T050146",
          "T051479",
          "T032255",
          "T052048",
          "T050145",
          "T032495",
          "T000126",
          "580789"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2026-21925"
    },
    {
      "cve": "CVE-2026-21932",
      "product_status": {
        "known_affected": [
          "T052395",
          "T052396",
          "T052394",
          "T037951",
          "T050212",
          "T004914",
          "T050330",
          "T050211",
          "T021498",
          "T045428",
          "T050205",
          "10695",
          "398363",
          "T025611",
          "T052582",
          "T052583",
          "T052581",
          "T051290",
          "T035705",
          "5114",
          "T051291",
          "T050202",
          "T050201",
          "T050204",
          "T050203",
          "T050200",
          "T052584",
          "T017562",
          "T052585",
          "T036273",
          "T043237",
          "2951",
          "T002207",
          "T027843",
          "T004181",
          "T051480",
          "T015904",
          "T015903",
          "67646",
          "T051289",
          "T050199",
          "T014092",
          "T048917",
          "T020304",
          "T000377",
          "342008",
          "T021398",
          "T038839",
          "T050147",
          "T053778",
          "T050146",
          "T051479",
          "T032255",
          "T052048",
          "T050145",
          "T032495",
          "T000126",
          "580789"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2026-21932"
    },
    {
      "cve": "CVE-2026-21933",
      "product_status": {
        "known_affected": [
          "T052395",
          "T052396",
          "T052394",
          "T037951",
          "T050212",
          "T004914",
          "T050330",
          "T050211",
          "T021498",
          "T045428",
          "T050205",
          "10695",
          "398363",
          "T025611",
          "T052582",
          "T052583",
          "T052581",
          "T051290",
          "T035705",
          "5114",
          "T051291",
          "T050202",
          "T050201",
          "T050204",
          "T050203",
          "T050200",
          "T052584",
          "T017562",
          "T052585",
          "T036273",
          "T043237",
          "2951",
          "T002207",
          "T027843",
          "T004181",
          "T051480",
          "T015904",
          "T015903",
          "67646",
          "T051289",
          "T050199",
          "T014092",
          "T048917",
          "T020304",
          "T000377",
          "342008",
          "T021398",
          "T038839",
          "T050147",
          "T053778",
          "T050146",
          "T051479",
          "T032255",
          "T052048",
          "T050145",
          "T032495",
          "T000126",
          "580789"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2026-21933"
    },
    {
      "cve": "CVE-2026-21945",
      "product_status": {
        "known_affected": [
          "T052395",
          "T052396",
          "T052394",
          "T037951",
          "T050212",
          "T004914",
          "T050330",
          "T050211",
          "T021498",
          "T045428",
          "T050205",
          "10695",
          "398363",
          "T025611",
          "T052582",
          "T052583",
          "T052581",
          "T051290",
          "T035705",
          "5114",
          "T051291",
          "T050202",
          "T050201",
          "T050204",
          "T050203",
          "T050200",
          "T052584",
          "T017562",
          "T052585",
          "T036273",
          "T043237",
          "2951",
          "T002207",
          "T027843",
          "T004181",
          "T051480",
          "T015904",
          "T015903",
          "67646",
          "T051289",
          "T050199",
          "T014092",
          "T048917",
          "T020304",
          "T000377",
          "342008",
          "T021398",
          "T038839",
          "T050147",
          "T053778",
          "T050146",
          "T051479",
          "T032255",
          "T052048",
          "T050145",
          "T032495",
          "T000126",
          "580789"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2026-21945"
    },
    {
      "cve": "CVE-2026-21947",
      "product_status": {
        "known_affected": [
          "T052395",
          "T052396",
          "T052394",
          "T037951",
          "T050212",
          "T004914",
          "T050330",
          "T050211",
          "T021498",
          "T045428",
          "T050205",
          "10695",
          "398363",
          "T025611",
          "T052582",
          "T052583",
          "T052581",
          "T051290",
          "T035705",
          "5114",
          "T051291",
          "T050202",
          "T050201",
          "T050204",
          "T050203",
          "T050200",
          "T052584",
          "T017562",
          "T052585",
          "T036273",
          "T043237",
          "2951",
          "T002207",
          "T027843",
          "T004181",
          "T051480",
          "T015904",
          "T015903",
          "67646",
          "T051289",
          "T050199",
          "T014092",
          "T048917",
          "T020304",
          "T000377",
          "342008",
          "T021398",
          "T038839",
          "T050147",
          "T053778",
          "T050146",
          "T051479",
          "T032255",
          "T052048",
          "T050145",
          "T032495",
          "T000126",
          "580789"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2026-21947"
    }
  ]
}

CVE-2025-12183 (GCVE-0-2025-12183)

Vulnerability from cvelistv5 – Published: 2025-11-28 15:52 – Updated: 2025-12-29 12:41

Title

org.lz4:lz4-java - Out-of-Bounds Memory Access

Summary

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.

Severity

8.8 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-125 - Out-of-bounds Read

Assigner

Sonatype

References

2 references

URL	Tags
https://www.sonatype.com/security-advisories/cve-…	third-party-advisory
https://github.com/yawkat/lz4-java/releases/tag/v1.8.1	patch

Impacted products

3 products

Vendor	Product	Version
		Affected: 1.0.0 , ≤ 1.8.0 (semver)
		Affected: 1.0.0 , ≤ 1.8.0 (semver)
		Affected: 1.0.0 , ≤ 1.8.0 (semver)

Credits

Jonas Konrad (Oracle corp.) Marcono1234

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12183",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-28T16:33:58.174474Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-28T16:34:40.151Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-01T21:03:11.829Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/12/01/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo1.maven.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.lz4:lz4-java",
          "versions": [
            {
              "lessThanOrEqual": "1.8.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://repo1.maven.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.lz4:lz4-pure-java",
          "versions": [
            {
              "lessThanOrEqual": "1.8.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://repo1.maven.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "net.jpountz.lz4:lz4",
          "versions": [
            {
              "lessThanOrEqual": "1.8.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Jonas Konrad (Oracle corp.)"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Marcono1234"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOut-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.\u003c/span\u003e"
            }
          ],
          "value": "Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-29T12:41:30.868Z",
        "orgId": "103e4ec9-0a87-450b-af77-479448ddef11",
        "shortName": "Sonatype"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.sonatype.com/security-advisories/cve-2025-12183"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/yawkat/lz4-java/releases/tag/v1.8.1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "org.lz4:lz4-java - Out-of-Bounds Memory Access",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "103e4ec9-0a87-450b-af77-479448ddef11",
    "assignerShortName": "Sonatype",
    "cveId": "CVE-2025-12183",
    "datePublished": "2025-11-28T15:52:56.140Z",
    "dateReserved": "2025-10-24T19:24:16.368Z",
    "dateUpdated": "2025-12-29T12:41:30.868Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-43368 (GCVE-0-2025-43368)

Vulnerability from cvelistv5 – Published: 2025-09-15 22:35 – Updated: 2026-05-12 12:08

Summary

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

Processing maliciously crafted web content may lead to an unexpected Safari crash

Assigner

apple

References

3 references

URL	Tags
https://support.apple.com/en-us/125108
https://support.apple.com/en-us/125110
https://support.apple.com/en-us/125113

Impacted products

3 products

Vendor	Product	Version
Apple	Safari	Affected: 0 , < 26 (custom)
Apple	iOS and iPadOS	Affected: 0 , < 26 (custom)
Apple	macOS	Affected: 0 , < 26 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-43368",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-16T13:20:05.552455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-16T13:20:09.363Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:10:44.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/53"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/59"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/49"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/09/22/3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:08:10.937Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an unexpected Safari crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to an unexpected Safari crash",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:24:14.743Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/125108"
        },
        {
          "url": "https://support.apple.com/en-us/125110"
        },
        {
          "url": "https://support.apple.com/en-us/125113"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2025-43368",
    "datePublished": "2025-09-15T22:35:41.026Z",
    "dateReserved": "2025-04-16T15:24:37.114Z",
    "dateUpdated": "2026-05-12T12:08:10.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-47219 (GCVE-0-2025-47219)

Vulnerability from cvelistv5 – Published: 2025-08-07 00:00 – Updated: 2026-05-12 12:08

Summary

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

2 references

URL	Tags
https://gstreamer.freedesktop.org/security/
https://github.com/atredispartners/advisories/blo…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-47219",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-08T15:54:29.880154Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-08T15:58:39.165Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:08:13.322Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In GStreamer through 1.26.1, the isomp4 plugin\u0027s qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-07T19:19:19.731Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gstreamer.freedesktop.org/security/"
        },
        {
          "url": "https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-47219",
    "datePublished": "2025-08-07T00:00:00.000Z",
    "dateReserved": "2025-05-02T00:00:00.000Z",
    "dateUpdated": "2026-05-12T12:08:13.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6021 (GCVE-0-2025-6021)

Vulnerability from cvelistv5 – Published: 2025-06-12 12:49 – Updated: 2026-05-12 12:02

Title

Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2

Summary

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

redhat

References

26 references

URL	Tags
https://access.redhat.com/errata/RHSA-2025:10630	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10698	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10699	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11580	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11673	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12098	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12099	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12199	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12237	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12239	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12240	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12241	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13267	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13289	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13325	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13335	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13336	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14059	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14396	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15308	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15672	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:19020	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7519	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6021	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2372406	issue-trackingx_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxml2/-/issues/926

Impacted products

31 products

Vendor	Product	Version
		Affected: 0 , < 2.14.4 (semver)
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:2.12.5-7.el10_0 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:2.9.1-6.el7_9.10 , < * (rpm) cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.9.7-21.el8_10.1 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.9.7-21.el8_10.1 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.9.7-9.el8_2.3 , < * (rpm) cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.9.7-9.el8_4.6 , < * (rpm) cpe:/o:redhat:rhel_eus_long_life:8.4::baseos cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	Unaffected: 0:2.9.7-9.el8_4.6 , < * (rpm) cpe:/o:redhat:rhel_eus_long_life:8.4::baseos cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm) cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm) cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.9.7-13.el8_6.10 , < * (rpm) cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 0:2.9.7-16.el8_8.9 , < * (rpm) cpe:/o:redhat:rhel_tus:8.8::baseos cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 0:2.9.7-16.el8_8.9 , < * (rpm) cpe:/o:redhat:rhel_tus:8.8::baseos cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.9.13-10.el9_6 , < * (rpm) cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.9.13-10.el9_6 , < * (rpm) cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.9.13-1.el9_0.5 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:2.9.13-3.el9_2.7 , < * (rpm) cpe:/o:redhat:rhel_e4s:9.2::baseos cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.9.13-10.el9_4 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos
Red Hat	Red Hat JBoss Core Services 2.4.62.SP2	cpe:/a:redhat:jboss_core_services:1
Red Hat	Red Hat OpenShift Container Platform 4.12	Unaffected: 412.86.202509030110-0 , < * (rpm) cpe:/a:redhat:openshift:4.12::el8
Red Hat	Red Hat OpenShift Container Platform 4.13	Unaffected: 413.92.202509030117-0 , < * (rpm) cpe:/a:redhat:openshift:4.13::el9
Red Hat	Red Hat OpenShift Container Platform 4.14	Unaffected: 414.92.202508041909-0 , < * (rpm) cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9
Red Hat	Red Hat OpenShift Container Platform 4.15	Unaffected: 415.92.202508192014-0 , < * (rpm) cpe:/a:redhat:openshift:4.15::el9
Red Hat	Red Hat OpenShift Container Platform 4.16	Unaffected: 416.94.202508050040-0 , < * (rpm) cpe:/a:redhat:openshift:4.16::el9
Red Hat	Red Hat OpenShift Container Platform 4.17	Unaffected: 417.94.202508141510-0 , < * (rpm) cpe:/a:redhat:openshift:4.17::el9
Red Hat	Red Hat OpenShift Container Platform 4.18	Unaffected: 418.94.202508060022-0 , < * (rpm) cpe:/a:redhat:openshift:4.18::el9
Red Hat	Red Hat OpenShift Container Platform 4.19	Unaffected: 4.19.9.6.202507230107-0 , < * (rpm) cpe:/a:redhat:openshift:4.19::el9
Red Hat	Red Hat Discovery 2	Unaffected: sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344 , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Hardened Images	Unaffected: 2.15.2-0.3.hum1 , < * (rpm) cpe:/a:redhat:hummingbird:1
Red Hat	Red Hat Insights proxy 1.5	Unaffected: sha256:c26d589f12647890b67aaa986f54d3f7c6f7f2563fb5a73f38d559e6138739d7 , < * (rpm) cpe:/a:redhat:insights_proxy:1.5::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Date Public

2025-06-12 00:00

Credits

Red Hat would like to thank Ahmed Lekssays for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6021",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-03T14:41:19.578427Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-03T14:46:43.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "issue-tracking"
            ],
            "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:06:44.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:02:29.486Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libxml2/",
          "defaultStatus": "unaffected",
          "packageName": "libxml2",
          "versions": [
            {
              "lessThan": "2.14.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.12.5-7.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.1-6.el7_9.10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-21.el8_10.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-21.el8_10.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-9.el8_2.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-9.el8_4.6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-9.el8_4.6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-13.el8_6.10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-13.el8_6.10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-13.el8_6.10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.8::baseos",
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-16.el8_8.9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.8::baseos",
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-16.el8_8.9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-10.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-10.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream",
            "cpe:/o:redhat:rhel_e4s:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-1.el9_0.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:9.2::baseos",
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-3.el9_2.7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-10.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_core_services:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libxml2",
          "product": "Red Hat JBoss Core Services 2.4.62.SP2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.12::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.12",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "412.86.202509030110-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "413.92.202509030117-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el8",
            "cpe:/a:redhat:openshift:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "414.92.202508041909-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "415.92.202508192014-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "416.94.202508050040-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "417.94.202508141510-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.18",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "418.94.202508060022-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.19.9.6.202507230107-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.15.2-0.3.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:insights_proxy:1.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "insights-proxy/insights-proxy-container-rhel9",
          "product": "Red Hat Insights proxy 1.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:c26d589f12647890b67aaa986f54d3f7c6f7f2563fb5a73f38d559e6138739d7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Ahmed Lekssays for reporting this issue."
        }
      ],
      "datePublic": "2025-06-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libxml2\u0027s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-19T19:41:56.672Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:10630",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10630"
        },
        {
          "name": "RHSA-2025:10698",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10698"
        },
        {
          "name": "RHSA-2025:10699",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10699"
        },
        {
          "name": "RHSA-2025:11580",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11580"
        },
        {
          "name": "RHSA-2025:11673",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11673"
        },
        {
          "name": "RHSA-2025:12098",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12098"
        },
        {
          "name": "RHSA-2025:12099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12099"
        },
        {
          "name": "RHSA-2025:12199",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12199"
        },
        {
          "name": "RHSA-2025:12237",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12237"
        },
        {
          "name": "RHSA-2025:12239",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12239"
        },
        {
          "name": "RHSA-2025:12240",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12240"
        },
        {
          "name": "RHSA-2025:12241",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12241"
        },
        {
          "name": "RHSA-2025:13267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13267"
        },
        {
          "name": "RHSA-2025:13289",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13289"
        },
        {
          "name": "RHSA-2025:13325",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13325"
        },
        {
          "name": "RHSA-2025:13335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13335"
        },
        {
          "name": "RHSA-2025:13336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13336"
        },
        {
          "name": "RHSA-2025:14059",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14059"
        },
        {
          "name": "RHSA-2025:14396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14396"
        },
        {
          "name": "RHSA-2025:15308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15308"
        },
        {
          "name": "RHSA-2025:15672",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15672"
        },
        {
          "name": "RHSA-2025:19020",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19020"
        },
        {
          "name": "RHSA-2026:7519",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7519"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-6021"
        },
        {
          "name": "RHBZ#2372406",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-12T07:55:45.428Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-06-12T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are strongly advised to apply vendor-supplied patches as soon as they become available to address the underlying integer overflow flaw in the affected code."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-6021",
    "datePublished": "2025-06-12T12:49:16.157Z",
    "dateReserved": "2025-06-12T05:52:54.211Z",
    "dateUpdated": "2026-05-12T12:02:29.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6052 (GCVE-0-2025-6052)

Vulnerability from cvelistv5 – Published: 2025-06-13 15:40 – Updated: 2026-05-12 12:02

Title

Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring

Summary

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Severity

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

redhat

References

2 references

URL	Tags
https://access.redhat.com/security/cve/CVE-2025-6052	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2372666	issue-trackingx_refsource_REDHAT

Impacted products

15 products

Vendor	Product	Version
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Date Public

2025-06-13 00:00

Credits

Red Hat would like to thank Philip Withnall for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-13T15:58:19.551063Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-13T15:58:31.440Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:02:30.756Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "bootc",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "glycin-loaders",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "loupe",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-glib2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rpm-ostree",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "librsvg2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "mingw-glib2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "bootc",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "librsvg2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-glib2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Philip Withnall for reporting this issue."
        }
      ],
      "datePublic": "2025-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in how GLib\u2019s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn\u2019t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-07T00:42:01.009Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-6052"
        },
        {
          "name": "RHBZ#2372666",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372666"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-13T11:54:49.481Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-06-13T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-6052",
    "datePublished": "2025-06-13T15:40:38.541Z",
    "dateReserved": "2025-06-13T12:02:40.494Z",
    "dateUpdated": "2026-05-12T12:02:30.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7425 (GCVE-0-2025-7425)

Vulnerability from cvelistv5 – Published: 2025-07-10 13:53 – Updated: 2026-05-12 12:02

Title

Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

Summary

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

redhat

References

32 references

URL	Tags
https://access.redhat.com/errata/RHBA-2025:12345	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12447	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12450	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13267	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13308	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13309	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13310	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13311	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13312	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13313	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13314	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13335	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13464	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13622	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14059	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14396	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14818	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14819	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14853	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14858	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15308	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15672	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15827	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15828	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:18219	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21885	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21913	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0934	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11503	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2379274	issue-trackingx_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

Impacted products

58 products

Vendor	Product	Version
GNOME	libxml2	Affected: 0 , < 2.15.2 (semver)
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:2.12.5-8.el10_0 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:1.1.39-8.el10_0 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:2.9.1-6.el7_9.12 , < * (rpm) cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.9.7-21.el8_10.2 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.9.7-21.el8_10.2 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.9.7-9.el8_2.4 , < * (rpm) cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.9.7-9.el8_4.7 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	Unaffected: 0:2.9.7-9.el8_4.7 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.9.7-13.el8_6.11 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.9.7-13.el8_6.11 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.9.7-13.el8_6.11 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 0:2.9.7-16.el8_8.10 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 0:2.9.7-16.el8_8.10 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.9.13-11.el9_6 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.9.13-11.el9_6 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.9.13-1.el9_0.6 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:2.9.13-3.el9_2.8 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.9.13-11.el9_4 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos
Red Hat	Red Hat OpenShift Container Platform 4.12	Unaffected: 412.86.202509030110-0 , < * (rpm) cpe:/a:redhat:openshift:4.12::el8
Red Hat	Red Hat OpenShift Container Platform 4.13	Unaffected: 413.92.202509030117-0 , < * (rpm) cpe:/a:redhat:openshift:4.13::el9
Red Hat	Red Hat OpenShift Container Platform 4.14	Unaffected: 414.92.202508270040-0 , < * (rpm) cpe:/a:redhat:openshift:4.14::el9
Red Hat	Red Hat OpenShift Container Platform 4.15	Unaffected: 415.92.202508192014-0 , < * (rpm) cpe:/a:redhat:openshift:4.15::el9
Red Hat	Red Hat OpenShift Container Platform 4.16	Unaffected: 416.94.202508261955-0 , < * (rpm) cpe:/a:redhat:openshift:4.16::el9
Red Hat	Red Hat OpenShift Container Platform 4.17	Unaffected: 417.94.202508141510-0 , < * (rpm) cpe:/a:redhat:openshift:4.17::el9
Red Hat	Red Hat OpenShift Container Platform 4.18	Unaffected: 418.94.202508261658-0 , < * (rpm) cpe:/a:redhat:openshift:4.18::el9
Red Hat	Red Hat OpenShift Container Platform 4.19	Unaffected: 4.19.9.6.202508271124-0 , < * (rpm) cpe:/a:redhat:openshift:4.19::el9
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	Unaffected: 1.11-19 , < * (rpm) cpe:/a:redhat:webterminal:1.11::el9
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	Unaffected: 1.11-8 , < * (rpm) cpe:/a:redhat:webterminal:1.11::el9
Red Hat	Red Hat Web Terminal 1.12 on RHEL 9	Unaffected: 1.12-4 , < * (rpm) cpe:/a:redhat:webterminal:1.12::el9
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-11 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-11 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-11 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-10 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-10 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-4 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-9 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-18 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-11 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	RHOSS-1.36-RHEL-8	Unaffected: 1.36.0-7 , < * (rpm) cpe:/a:redhat:openshift_serverless:1.36::el8
Red Hat	cert-manager operator for Red Hat OpenShift 1.16	Unaffected: v1.16.5-1760515757 , < * (rpm) cpe:/a:redhat:cert_manager:1.16::el9
Red Hat	File Integrity Operator 1	Unaffected: v1.3 , < * (rpm) cpe:/a:redhat:openshift_file_integrity_operator:1::el9
Red Hat	OpenShift Compliance Operator 1	Unaffected: 1.8.0 , < * (rpm) cpe:/a:redhat:openshift_compliance_operator:1::el9
Red Hat	OpenShift Compliance Operator 1	Unaffected: 1.8.0 , < * (rpm) cpe:/a:redhat:openshift_compliance_operator:1::el9
Red Hat	OpenShift Compliance Operator 1	Unaffected: 1.8.0 , < * (rpm) cpe:/a:redhat:openshift_compliance_operator:1::el9
Red Hat	Red Hat Discovery 2	Unaffected: 2.0.1-1754478727 , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Hardened Images	Unaffected: 2.15.3-0.1.hum1 , < * (rpm) cpe:/a:redhat:hummingbird:1
Red Hat	Red Hat Insights proxy 1.5	Unaffected: 1.5.5-1754504343 , < * (rpm) cpe:/a:redhat:insights_proxy:1.5::el9
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559657 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559845 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559691 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559660 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559663 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559657 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754569861 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559846 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	Unaffected: rhosdt-3.5-1754559651 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Date Public

2025-07-10 00:00

Credits

Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7425",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-10T15:21:27.766014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-10T15:21:30.858Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:14:55.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Aug/0"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jul/37"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jul/35"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jul/32"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jul/30"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/11/2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX MX5000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX MX5000RE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1400",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1500",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1501",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1510",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1511",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1512",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1524",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1536",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX5000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:02:33.327Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libxml2/",
          "defaultStatus": "unaffected",
          "packageName": "libxml2",
          "product": "libxml2",
          "vendor": "GNOME",
          "versions": [
            {
              "lessThan": "2.15.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.12.5-8.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libxslt",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.39-8.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.1-6.el7_9.12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-21.el8_10.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-21.el8_10.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-9.el8_2.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-9.el8_4.7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-9.el8_4.7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-13.el8_6.11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-13.el8_6.11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-13.el8_6.11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream",
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-16.el8_8.10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream",
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.7-16.el8_8.10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-11.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-11.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream",
            "cpe:/o:redhat:rhel_e4s:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-1.el9_0.6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-3.el9_2.8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.9.13-11.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.12::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.12",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "412.86.202509030110-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "413.92.202509030117-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "414.92.202508270040-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "415.92.202508192014-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "416.94.202508261955-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "417.94.202508141510-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.18",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "418.94.202508261658-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.19.9.6.202508271124-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.11::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-rhel9-operator",
          "product": "Red Hat Web Terminal 1.11 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.11-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.11::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-tooling-rhel9",
          "product": "Red Hat Web Terminal 1.11 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.11-8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:webterminal:1.12::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "web-terminal/web-terminal-tooling-rhel9",
          "product": "Red Hat Web Terminal 1.12 on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-db-migrator-tool-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-management-console-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-rhel8-operator",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.36::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
          "product": "RHOSS-1.36-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.36.0-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:cert_manager:1.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cert-manager/jetstack-cert-manager-rhel9",
          "product": "cert-manager operator for Red Hat OpenShift 1.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.16.5-1760515757",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-file-integrity-rhel8-operator",
          "product": "File Integrity Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_compliance_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-compliance-must-gather-rhel8",
          "product": "OpenShift Compliance Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_compliance_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-compliance-openscap-rhel8",
          "product": "OpenShift Compliance Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_compliance_operator:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "compliance/openshift-compliance-rhel8-operator",
          "product": "OpenShift Compliance Operator 1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.0.1-1754478727",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "libxml2-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.15.3-0.1.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:insights_proxy:1.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "insights-proxy/insights-proxy-container-rhel9",
          "product": "Red Hat Insights proxy 1.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.5.5-1754504343",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-agent-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559657",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-all-in-one-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559845",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-collector-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559691",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559660",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-es-rollover-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559663",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-ingester-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559657",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-operator-bundle",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754569861",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-query-rhel8",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559846",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/jaeger-rhel8-operator",
          "product": "Red Hat OpenShift distributed tracing 3.5.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "rhosdt-3.5-1754559651",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libxslt",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue."
        }
      ],
      "datePublic": "2025-07-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T16:05:29.983Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHBA-2025:12345",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2025:12345"
        },
        {
          "name": "RHSA-2025:12447",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12447"
        },
        {
          "name": "RHSA-2025:12450",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12450"
        },
        {
          "name": "RHSA-2025:13267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13267"
        },
        {
          "name": "RHSA-2025:13308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13308"
        },
        {
          "name": "RHSA-2025:13309",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13309"
        },
        {
          "name": "RHSA-2025:13310",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13310"
        },
        {
          "name": "RHSA-2025:13311",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13311"
        },
        {
          "name": "RHSA-2025:13312",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13312"
        },
        {
          "name": "RHSA-2025:13313",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13313"
        },
        {
          "name": "RHSA-2025:13314",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13314"
        },
        {
          "name": "RHSA-2025:13335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13335"
        },
        {
          "name": "RHSA-2025:13464",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13464"
        },
        {
          "name": "RHSA-2025:13622",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:13622"
        },
        {
          "name": "RHSA-2025:14059",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14059"
        },
        {
          "name": "RHSA-2025:14396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14396"
        },
        {
          "name": "RHSA-2025:14818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14818"
        },
        {
          "name": "RHSA-2025:14819",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14819"
        },
        {
          "name": "RHSA-2025:14853",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14853"
        },
        {
          "name": "RHSA-2025:14858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:14858"
        },
        {
          "name": "RHSA-2025:15308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15308"
        },
        {
          "name": "RHSA-2025:15672",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15672"
        },
        {
          "name": "RHSA-2025:15827",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15827"
        },
        {
          "name": "RHSA-2025:15828",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:15828"
        },
        {
          "name": "RHSA-2025:18219",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "name": "RHSA-2025:21885",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21885"
        },
        {
          "name": "RHSA-2025:21913",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21913"
        },
        {
          "name": "RHSA-2026:0934",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0934"
        },
        {
          "name": "RHSA-2026:11503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11503"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-7425"
        },
        {
          "name": "RHBZ#2379274",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-10T09:37:28.172Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-10T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-416: Use After Free"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-7425",
    "datePublished": "2025-07-10T13:53:37.295Z",
    "dateReserved": "2025-07-10T08:44:06.287Z",
    "dateUpdated": "2026-05-12T12:02:33.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21925 (GCVE-0-2026-21925)

Vulnerability from cvelistv5 – Published: 2026-01-20 21:56 – Updated: 2026-05-12 12:08

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Severity

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpujan2026.html	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: 8u471 Affected: 8u471-b50 Affected: 8u471-perf Affected: 11.0.29 Affected: 17.0.17 Affected: 21.0.9 Affected: 25.0.1
Oracle Corporation	Oracle GraalVM for JDK	Affected: 17.0.17 Affected: 21.0.9
Oracle Corporation	Oracle GraalVM Enterprise Edition	Affected: 21.3.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21925",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T20:50:27.654836Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-21T20:51:07.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:08:47.916Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u471"
            },
            {
              "status": "affected",
              "version": "8u471-b50"
            },
            {
              "status": "affected",
              "version": "8u471-perf"
            },
            {
              "status": "affected",
              "version": "11.0.29"
            },
            {
              "status": "affected",
              "version": "17.0.17"
            },
            {
              "status": "affected",
              "version": "21.0.9"
            },
            {
              "status": "affected",
              "version": "25.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.17"
            },
            {
              "status": "affected",
              "version": "21.0.9"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.16"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u471:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "b50",
                  "versionStartIncluding": "8u471",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u471:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.29:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.17:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.9:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.17:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.9:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.16:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI).  Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and  21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-20T21:56:21.058Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-21925",
    "datePublished": "2026-01-20T21:56:21.058Z",
    "dateReserved": "2026-01-05T18:07:34.708Z",
    "dateUpdated": "2026-05-12T12:08:47.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21932 (GCVE-0-2026-21932)

Vulnerability from cvelistv5 – Published: 2026-01-20 21:56 – Updated: 2026-05-12 12:08

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).

Severity

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpujan2026.html	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: 8u471 Affected: 8u471-b50 Affected: 8u471-perf Affected: 11.0.29 Affected: 17.0.17 Affected: 21.0.9 Affected: 25.0.1
Oracle Corporation	Oracle GraalVM for JDK	Affected: 17.0.17 Affected: 21.0.9
Oracle Corporation	Oracle GraalVM Enterprise Edition	Affected: 21.3.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21932",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T20:55:36.680427Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-21T20:55:54.335Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:08:49.052Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u471"
            },
            {
              "status": "affected",
              "version": "8u471-b50"
            },
            {
              "status": "affected",
              "version": "8u471-perf"
            },
            {
              "status": "affected",
              "version": "11.0.29"
            },
            {
              "status": "affected",
              "version": "17.0.17"
            },
            {
              "status": "affected",
              "version": "21.0.9"
            },
            {
              "status": "affected",
              "version": "25.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.17"
            },
            {
              "status": "affected",
              "version": "21.0.9"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.16"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u471:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "b50",
                  "versionStartIncluding": "8u471",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u471:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.29:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.17:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.9:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.17:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.9:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.16:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX).  Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and  21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-20T21:56:23.742Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-21932",
    "datePublished": "2026-01-20T21:56:23.742Z",
    "dateReserved": "2026-01-05T18:07:34.709Z",
    "dateUpdated": "2026-05-12T12:08:49.052Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21933 (GCVE-0-2026-21933)

Vulnerability from cvelistv5 – Published: 2026-01-20 21:56 – Updated: 2026-05-12 12:08

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Severity

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpujan2026.html	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: 8u471 Affected: 8u471-b50 Affected: 8u471-perf Affected: 11.0.29 Affected: 17.0.17 Affected: 21.0.9 Affected: 25.0.1
Oracle Corporation	Oracle GraalVM for JDK	Affected: 17.0.17 Affected: 21.0.9
Oracle Corporation	Oracle GraalVM Enterprise Edition	Affected: 21.3.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T20:56:13.969343Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-21T20:56:25.029Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:08:50.255Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u471"
            },
            {
              "status": "affected",
              "version": "8u471-b50"
            },
            {
              "status": "affected",
              "version": "8u471-perf"
            },
            {
              "status": "affected",
              "version": "11.0.29"
            },
            {
              "status": "affected",
              "version": "17.0.17"
            },
            {
              "status": "affected",
              "version": "21.0.9"
            },
            {
              "status": "affected",
              "version": "25.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.17"
            },
            {
              "status": "affected",
              "version": "21.0.9"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.16"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u471:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "b50",
                  "versionStartIncluding": "8u471",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u471:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.29:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.17:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.9:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.17:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.9:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.16:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and  21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-20T21:56:24.083Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-21933",
    "datePublished": "2026-01-20T21:56:24.083Z",
    "dateReserved": "2026-01-05T18:07:34.709Z",
    "dateUpdated": "2026-05-12T12:08:50.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21945 (GCVE-0-2026-21945)

Vulnerability from cvelistv5 – Published: 2026-01-20 21:56 – Updated: 2026-05-12 12:08

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpujan2026.html	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: 8u471 Affected: 8u471-b50 Affected: 8u471-perf Affected: 11.0.29 Affected: 17.0.17 Affected: 21.0.9 Affected: 25.0.1
Oracle Corporation	Oracle GraalVM for JDK	Affected: 17.0.17 Affected: 21.0.9
Oracle Corporation	Oracle GraalVM Enterprise Edition	Affected: 21.3.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21945",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T15:04:39.899042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-21T15:05:36.940Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:08:51.450Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u471"
            },
            {
              "status": "affected",
              "version": "8u471-b50"
            },
            {
              "status": "affected",
              "version": "8u471-perf"
            },
            {
              "status": "affected",
              "version": "11.0.29"
            },
            {
              "status": "affected",
              "version": "17.0.17"
            },
            {
              "status": "affected",
              "version": "21.0.9"
            },
            {
              "status": "affected",
              "version": "25.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.17"
            },
            {
              "status": "affected",
              "version": "21.0.9"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.16"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u471:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "b50",
                  "versionStartIncluding": "8u471",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u471:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.29:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.17:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.9:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.17:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.9:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.16:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and  21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-20T21:56:27.997Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-21945",
    "datePublished": "2026-01-20T21:56:27.997Z",
    "dateReserved": "2026-01-05T18:07:34.712Z",
    "dateUpdated": "2026-05-12T12:08:51.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0164

CVE-2025-12183 (GCVE-0-2025-12183)

CVE-2025-43368 (GCVE-0-2025-43368)

CVE-2025-47219 (GCVE-0-2025-47219)

CVE-2025-6021 (GCVE-0-2025-6021)

CVE-2025-6052 (GCVE-0-2025-6052)

CVE-2025-7425 (GCVE-0-2025-7425)

CVE-2026-21925 (GCVE-0-2026-21925)

CVE-2026-21932 (GCVE-0-2026-21932)

CVE-2026-21933 (GCVE-0-2026-21933)

CVE-2026-21945 (GCVE-0-2026-21945)

Tags

Sightings

Nomenclature