com.rabbitmq:stream-client (=1.4.0), org.qubership.profiler:qubership-profiler-cli (>=3.0.3 <=3.0.4) +6 more potentially affected by CVE-2025-12183 +1 more via at.yawk.lz4:lz4-java (=1.10.0)

at.yawk.lz4:lz4-java MAVEN version =1.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on at.yawk.lz4:lz4-java and may be impacted: - com.rabbitmq:stream-client =1.4.0 - org.qubership.profiler:qubership-profiler-cli =3.0.3, =3.0.3, =3.0.3, =3.0.3,...

cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), com.alibaba.fastjson2:fastjson2-extension (>=2.0.27 <=2.0.62) +39 more potentially affected by CVE-2025-12183 +1 more via org.lz4:lz4-pure-java (=1.8.0)

org.lz4:lz4-pure-java MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.lz4:lz4-pure-java and may be impacted: - cc.ddrpa.dorian.polystash:polystash-spring-boot-starter =1.0.0 - com.alibaba.fastjson2:fastjson2-extension =2.0.27,...

cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), com.alibaba.fastjson2:fastjson2-extension (>=2.0.27 <=2.0.62) +39 more potentially affected by CVE-2025-66566 via org.lz4:lz4-pure-java (=1.8.0)

org.lz4:lz4-pure-java MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.lz4:lz4-pure-java and may be impacted: - cc.ddrpa.dorian.polystash:polystash-spring-boot-starter =1.0.0 - com.alibaba.fastjson2:fastjson2-extension =2.0.27,...

ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3) +14999 more potentially affected by CVE-2025-12183 +1 more via org.lz4:lz4-java (>=1.4 <=1.8.1)

org.lz4:lz4-java MAVEN version =1.4, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =1.2.10 and more Source cves: CVE-2025-12183, CVE-2025-66566 Source advisory: SNYK:JAVA-ORGLZ4-14219384...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...

Insertion of Sensitive Information Into Sent Data

Overview org.lz4:lz4-java is a Java port of the LZ4 compression algorithm and the xxHash hashing algorithm. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...

ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3) +14999 more potentially affected by CVE-2025-66566 via org.lz4:lz4-java (>=1.4 <=1.8.1)

org.lz4:lz4-java MAVEN version =1.4, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =1.2.10 and more Source cves: CVE-2025-66566 Source advisory: OSV:GHSA-CMP6-M4WJ-Q63Q...

GHSA-CMP6-M4WJ-Q63Q yawkat LZ4 Java has a possible information leak in Java safe decompressor

Summary Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lea...

CVE-2025-66566

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is...

UBUNTU-CVE-2025-66566

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is...

CVE-2025-66566

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is...

CVE-2025-66566 yawkat LZ4 Java has a possible information leak in Java safe decompressor

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is...

CVE-2025-66566 yawkat LZ4 Java has a possible information leak in Java safe decompressor

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is...

CVE-2025-66566 yawkat LZ4 Java has a possible information leak in Java safe decompressor

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is...

EUVD-2025-201456

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is...

CVE-2025-66566

CVE-2025-66566 affects yawkat LZ4 Java, including lz4-java 1.10.0 and earlier. The Java-based decompressor implementations fail to sufficiently clear the output buffer, enabling read-back of previously written data when processing crafted compressed input; JNI-based implementations are not affect...

Security Bulletin: IBM Storage Protect Server is vulnerable to remote compromise by unauthenticated attacker with network access via multiple protocols due to IBM SDK, Java (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761,CVE-2025-30754)

Summary IBM SDK, Java is vulnerable to remote compromise by unauthenticated attacker with network access via multiple protocols IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the...

Security Bulletin: Vulnerability in IBM Java may affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Space Management and IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by ulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM...

Security Bulletin: IBM Storage Protect Operations Center is vulnerable to improper access control and stack overflow due to IBM SDK, Java (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary IBM SDK, Java is vulnerable to improper access control and stack overflow, IBM Storage Protect Operations Center uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the...