jmc security update

An update is available for jmc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced s...

RockyLinux 9 : jmc (RLSA-2026:20568)

The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:20568 advisory. lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing CVE-2025-66566 org.eclipse.jetty/jetty-http: HTTP request smuggling v...

RHEL 9 : jmc (RHSA-2026:20568)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20568 advisory. JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis o...

lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...

Important: Red Hat Security Advisory: jmc security update

An update for jmc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka connectors are vulnerable to loss of confidentiality (CVE-2025-12183, CVE-2025-66566)

Summary Java module lz4 is used by IBM App Connect Enterprise Certified Container when connecting to Kafka servers. IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka connectors are vulnerable to loss of confidentiality. This bulletin...

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF19 patch. Vulnerability Details CVEID:CVE-2022-39135 DESCRIPTION: Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML Extern...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lz4-java-1.8.0.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in lz4-java-1.8.0.jar Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via...

Security Bulletin: IBM Data Server Driver for JDBC and SQLJ is affected by a vulnerability in org.lz4 1.8.0 (CVE-2025-12183)

Summary IBM Data Server Driver for JDBC and SQLJ is affected by a vulnerability in org.lz4 1.8.0 CVE-2025-12183 Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read...

SUSE CVE-2025-12183

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input...

Important: Red Hat Security Advisory: JBoss EAP XP 5.0 Update 4.0 release. See references for release notes.

JBoss EAP XP 5.0 Update 4.0 release. See references for release notes. JBoss EAP XP 5.0 Update 4.0 GA release. See references for release notes. Security Fixes: vertx-core: static handler component cache can be manipulated to deny the access to static files eapxp-5 CVE-2026-1002 netty-codec:...

lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...

K000160213: LZ4 vulnerability CVE-2025-12183

Security Advisory Description Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. CVE-2025-12183 Impact There is no impact; F5 products are not affected by this...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service and a possible information leak due to LZ4 compression

Summary LZ4 compression for Java in Logstash is used by IBM Operations Analytics - Log Analysis as part of the fast, lightweight compression to reduce storage size. CVE-2025-12183, CVE-2025-66566. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in...

Security Bulletin: IBM webMethods BPM is vulnerable to Out-of-bounds memory operations in org.lz4:lz4-java.

Summary IBM webMethods BPM uses lz4-java which is pulled in automatically as a dependency of webmethods event streaming library. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.4 XP 6.0.2.GA release

JBoss EAP XP 6.0.2.GA release on the EAP 8.1 base. See references for release notes. This is a cumulative patch release zip for the JBoss EAP XP 6.0.2 runtime distribution for use with EAP 8.1.4. Security Fixes: lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing...

lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...

lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure

A flaw was found in lz4-java. This vulnerability allows remote attackers to cause denial of service DoS and read adjacent memory via untrusted compressed input. This vulnerability affects only programs using the unsafe LZ4decompressfast API, known as the "fast" decompressor...

lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...