
56251 matches found

IBM Security Bulletins
added 2025/12/05 8:3 a.m. | 7 views

Security Bulletin: IBM Storage Protect Operations Center is vulnerable to improper access control and stack overflow due to IBM SDK, Java (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary: IBM SDK, Java is vulnerable to improper access control and stack overflow. IBM Storage Protect Operations Center uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details: CVEID: CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

CVSS 7.8 | AI score 6.3 | EPSS 0.00688
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/05 8:2 a.m. | 7 views

Security Bulletin: IBM Storage Protect Server is vulnerable to improper access control and stack overflow due to IBM SDK, Java (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary: IBM SDK, Java is vulnerable to improper access control and stack overflow. IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details: CVEID: CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL...

CVSS 7.8 | AI score 6.3 | EPSS 0.00688
Exploits: 0 | Affected Software: 1

Hacker One
added 2025/12/05 7:47 a.m. | 12 views

PlayStation: PS4 BD-J privilege escalation using nested JAR

A PS4 vulnerability was discovered: Blu-ray Disc Java (BD-J) privilege escalation using nested JAR files. The vulnerability was found in the PS4 system software versions 13.00 to the latest version 13.02. The vulnerability was caused by a discrepancy between the security policy's path...

CVSS 7.4 | AI score 5.4 | EPSS 0.00085
Exploits: 0

IBM Security Bulletins
added 2025/12/05 5:20 a.m. | 5 views

Security Bulletin: Oracle Java SE and GraalVM 2D Component Remote Code Execution Vulnerability, affects watsonx.data

Summary: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and...

CVSS 8.6 | AI score 6.8 | EPSS 0.01058
Exploits: 1 | Affected Software: 1

CNNVD
added 2025/12/05 12:0 a.m. | 3 views

LZ4 Java Security Vulnerability

LZ4 Java is a compression library for Java by the individual developer Jonas Konrad. A security vulnerability exists in LZ4 Java 1.10.0 and earlier versions, which stems from insufficient output buffer clearing and could lead to the disclosure of sensitive data...

CVSS 8.2 | AI score 6.3 | EPSS 0.00541
Exploits: 0 | References: 4

GitLab Advisory Database
added 2025/12/05 12:0 a.m. | 5 views

yawkat LZ4 Java has a possible information leak in Java safe decompressor

Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to...

CVSS 8.2 | AI score 6.7 | EPSS 0.00541
Exploits: 0 | References: 5

IBM Security Bulletins
added 2025/12/04 2:43 p.m. | 22 views

Security Bulletin: Multiple vulnerabilities in IBM Controller

Summary: Multiple vulnerabilities were addressed in IBM Controller 11.1.2. Vulnerability Details: CVEID: CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...

CVSS 9.3 | AI score 8.1 | EPSS 0.17027
Exploits: 1 | Affected Software: 2

RedHat Linux
added 2025/12/04 11:30 a.m. | 3 views

cyclonedx-core-java: CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

An XML External Entity (XXE) injection vulnerability was found in the CycloneDX Java core library’s XML validation step where the XML Validator was not configured securely. When a specially crafted CycloneDX BOM XML is validated, external XML entities can be processed (XXE), allowing an attacker to...

CVSS 7.5 | AI score 5.7 | EPSS 0.00321
Exploits: 0 | References: 9

RedHat Linux
added 2025/12/04 11:30 a.m. | 8 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.1 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

CVSS 7.5 | AI score 7.1 | EPSS 0.00321
Exploits: 0 | References: 82

OSV
added 2025/12/04 10:8 a.m. | 7 views

RHSA-2025:22672 Red Hat Security Advisory: java-21-ibm-semeru-certified-jdk security update

Bulletin has no description...

CVSS 5.9 | AI score 6.9 | EPSS 0.00633
Exploits: 0 | References: 12

Tenable Nessus
added 2025/12/04 12:0 a.m. | 6 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : OpenJDK 21 vulnerabilities (USN-7885-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7885-1 advisory. Jinfeng Guo discovered that the Security component of OpenJDK 21 did not correctly handle certain representations...

CVSS 7.5 | AI score 7.4 | EPSS 0.00633
Exploits: 0 | References: 4

Tenable Nessus
added 2025/12/04 12:0 a.m. | 8 views

RHEL 10 : java-21-ibm-semeru-certified-jdk (RHSA-2025:22672)

The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22672 advisory. The IBM Semeru Runtime Certified Edition 21 runtime environment. Security Fixes: openjdk: Enhance Path Factories (Oracle CPU 2025-10)...

CVSS 7.5 | AI score 7.4 | EPSS 0.00633
Exploits: 0 | References: 7

Tenable Nessus
added 2025/12/04 12:0 a.m. | 5 views

Oracle Linux 10 : java-25-openjdk (ELSA-2025-21485)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21485 advisory. 1:25.0.1.0.8-2.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:25.0.1.0.8-2 - Remove superfluous backslashes that cause two alternative commands t...

CVSS 7.5 | AI score 7.5 | EPSS 0.00633
Exploits: 0 | References: 4

vulnersOsv
added 2025/12/03 9:31 p.m. | 5 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), app.fmgp:scala-did-docs_3 (>=0.1.0-M16 <=0.1.0-M33) +2472 more potentially affected by CVE-2024-3884 via io.undertow:undertow-core (>=2.0.0.Alpha1 <=2.2.38.Final)

io.undertow:undertow-core MAVEN version =2.0.0.Alpha1, =1.0.0, =0.1.0-M16, =1.0.0, =1.0.1, =1.0.2, =1.0.0, =1.2.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2024-3884 Source advisory: SNYK:JAVA-IOUNDERTOW-15053841...

CVSS 7.5 | AI score 7.4 | EPSS 0.01209
Exploits: 0

RedHat Linux
added 2025/12/03 8:49 p.m. | 6 views

Moderate: Red Hat Security Advisory: java-21-ibm-semeru-certified-jdk security update

An update for java-21-ibm-semeru-certified-jdk is now available for Red Hat Enterprise Linux 10.0 Extended Update Support and Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,...

CVSS 7.5 | AI score 6.7 | EPSS 0.00633
Exploits: 0 | References: 3

RedHat Linux
added 2025/12/03 8:49 p.m. | 7 views

openjdk: Enhance certificate handling (Oracle CPU 2025-10)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracl...

CVSS 5.9 | AI score 7.2 | EPSS 0.00487
Exploits: 0 | References: 5

RedHat Linux
added 2025/12/03 8:49 p.m. | 4 views

openjdk: Enhance Path Factories (Oracle CPU 2025-10)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...

CVSS 7.5 | AI score 7.2 | EPSS 0.00633
Exploits: 0 | References: 5

IBM Security Bulletins
added 2025/12/03 7:6 p.m. | 5 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2025) affect IBM InfoSphere Information Server

Summary: There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2025. Vulnerability Details: CVEID: CVE-2025-53066 DESCRIPTION: An unspecified...

CVSS 7.5 | AI score 6.4 | EPSS 0.00633
Exploits: 0 | Affected Software: 1

vulnersOsv
added 2025/12/03 4:57 p.m. | 7 views

ai.konduit.serving:konduit-serving-clients (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-distro-bom (>=0.0.2 <=0.3.0) +4114 more potentially affected by CVE-2025-66453 via org.mozilla:rhino (>=1.7R3 <=1.7.14)

org.mozilla:rhino MAVEN version =1.7R3, =0.0.2, =0.0.2, =0.1-1, =1.0, =1.0, =1.0, =1.2.1 - blog.svenbayer:spring-cloud-contract-swagger =1.2.0.RELEASE - br.com.objectos.jabuticava:boleto =0.3.0 - br.com.objectos.jabuticava:duplicata =0.3.0 - br.com.objectos:boleto =0.1.0 - br.com.objectos:duplica...

CVSS 7.5 | AI score 7.4 | EPSS 0.00231
Exploits: 0

vulnersOsv
added 2025/12/03 4:57 p.m. | 3 views

ch.reportingsoft.birt:birt-runtime-bundle (>=4.19.0 <=4.20.0), cloud.wondrify:coffee-asset-pipeline (>=5.0.10 <=5.1.0-M4) +163 more potentially affected by CVE-2025-66453 via org.mozilla:rhino (=1.8.0)

org.mozilla:rhino MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.mozilla:rhino and may be impacted: - ch.reportingsoft.birt:birt-runtime-bundle =4.19.0, =5.0.10, =5.0.10, =5.0.10, =10.2.1, =8.0.0, =8.0.0, =5.0.6, =5.0.6, =5.0....

CVSS 7.5 | AI score 7.2 | EPSS 0.00231
Exploits: 0