Important: Red Hat Security Advisory: jmc security update
An update for jmc is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
RHEL 9 : jmc (RHSA-2026:0751)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0751 advisory. JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the...
RHEL 9 : jmc (RHSA-2026:0752)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0752 advisory. JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the...
ALSA-2026:0752 Important: jmc security update
JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
Elasticsearch 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-07)
Elasticsearch yawkat LZ4 Java - CVE-2025-66566 (ESA-2026-07). An Information Disclosure vulnerability (CVE-2025-66566) exists in the yawkat LZ4 Java library used by Elasticsearch that allows an attacker to read previous buffer contents through specially crafted compressed input sent via the transport...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 update is now available (RHBQ 3.20.4.SP1)
An update for Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 is now available (RHBQ 3.20.4.SP1). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
Security Bulletin: IBM Enterprise Build of Quarkus is affected by two vulnerabilities due to LZ4-java
Summary: LZ4-java is a data compression library used by Netty and Apache Kafka. When LZ4-java is used to decompress untrusted data, remote attackers could cause Denial of Service and/or access sensitive data by sending crafted malicious input. Vulnerability Details: CVEID: CVE-2025-12183 DESCRIPTION...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.1.SP1 security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure
A flaw was found in lz4-java. This vulnerability allows remote attackers to cause denial of service (DoS) and read adjacent memory via untrusted compressed input. This vulnerability affects only programs using the unsafe LZ4_decompress_fast API, known as the "fast" decompressor...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.4.SP1 security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure
A flaw was found in lz4-java. This vulnerability allows remote attackers to cause denial of service (DoS) and read adjacent memory via untrusted compressed input. This vulnerability affects only programs using the unsafe LZ4_decompress_fast API, known as the "fast" decompressor...
Security update for netty
This update for netty fixes the following issues: Update to upstream version 4.1.130. Security issues fixed: CVE-2025-67735: lack of URI sanitization in HttpRequestEncoder allows for CRLF injection through a request URI and can lead to request smuggling (bsc#1255048). Other updates and bugfixes:...
CVE-2025-66566
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
CVE-2025-12183
A flaw was found in lz4-java. This vulnerability allows remote attackers to cause denial of service (DoS) and read adjacent memory via untrusted compressed input. This vulnerability affects only programs using the unsafe LZ4_decompress_fast API, known as the "fast" decompressor...
Linux Distros Unpatched Vulnerability : CVE-2025-12183
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted...