ROOT-APP-MAVEN-CVE-2025-66566 CVE-2025-66566 in io.root.org.lz4:lz4-java - Patched by Root

Root has patched CVE-2025-66566 in the io.root.org.lz4:lz4-java package for Root:Maven. Multiple fixed versions available...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2025-12183

Summary LZ4 is used by the IBM Datapower Operations Dashboard for their compression and xxHash hashing algorithm Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read...

RLSA-2026:20568 Important: jmc security update

JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications...

RockyLinux 9 : jmc (RLSA-2026:20568)

The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:20568 advisory. lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing CVE-2025-66566 org.eclipse.jetty/jetty-http: HTTP request smuggling v...

RHEL 9 : jmc (RHSA-2026:20568)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20568 advisory. JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis o...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lz4-java-1.8.0.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in lz4-java-1.8.0.jar Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via...

Logstash 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-06)

Sensitive Information in Resource Not Removed Before Reuse in Logstash Leading to Access to Sensitive Information Dependency on Vulnerable Third-Party Component CWE-1395 exists in org.lz4:lz4-java decompression library used by logstash-integration-kafka plugin in Logstash that could allow an...

CVE-2025-66566 vulnerabilities

Vulnerabilities for packages: debezium-connector-spanner, debezium-connector-ibmi, strimzi-kafka-operator, cassandra, debezium-connector-vitess, spark, sonarqube, kafka, debezium-connector-db2, zipkin, debezium-connector-informix, debezium...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service and a possible information leak due to LZ4 compression

Summary LZ4 compression for Java in Logstash is used by IBM Operations Analytics - Log Analysis as part of the fast, lightweight compression to reduce storage size. CVE-2025-12183, CVE-2025-66566. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.1.4 (RHSA-2026:1871)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1871 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.4 (RHSA-2026:1870)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1870 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses lz4-java-1.8.0.jar which is vulnerable to CVE-2025-12183, CVE-2025-66566.

Summary IBM Maximo Application Suite - Monitor Component uses lz4-java-1.8.0.jar which is vulnerable to CVE-2025-12183, CVE-2025-66566. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-66566 DESCRIPTION: yawkat LZ4 Java provides...

Oracle Essbase Information Disclosure Vulnerability (January 2026 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the January 2026 Critical Patch Update CPU. It is, therefore, affected by: - yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor...

AlmaLinux 9 : jmc (ALSA-2026:0752)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:0752 advisory. lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing CVE-2025-66566 Tenable has extracted the preceding description block directly fr...

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Important: Red Hat Security Advisory: jmc security update

An update for jmc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

ALSA-2026:0752 Important: jmc security update

JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14.2.P1 for Spring Boot release.

Red Hat build of Apache Camel 4.14.2 for Spring Boot patch 1 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...