Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF19 patch. Vulnerability Details CVEID:CVE-2022-39135 DESCRIPTION: Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML Extern...

Oracle Essbase Information Disclosure Vulnerability (January 2026 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the January 2026 Critical Patch Update CPU. It is, therefore, affected by: - yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor...

Linux Distros Unpatched Vulnerability : CVE-2025-66566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java- based decompressor implementations in lz4-java 1.10.0 and...

Out-of-Bounds Read

libcurl.so is vulnerable to a out-of-bounds read. The warning message display function does not format the display information correctly when a warning is longer than 80 bytes, leading to an out-of-bounds read that can disclose sensitive information from the buffer or crash the application...