CVE-2025-8194 (GCVE-0-2025-8194)
Vulnerability from cvelistv5 – Published: 2025-07-28 18:42 – Updated: 2026-04-21 20:17 – CWE-835 – Loop with Unreachable Exit Condition ('Infinite Loop')
| Vendor | Product | Version |
|---|---|---|
| Python Software Foundation | CPython | Affected: 0 , < 3.10.19 (python); Affected: 3.11.0 , < 3.11.14 (python); Affected: 3.12.0 , < 3.12.12 (python); Affected: 3.13.0 , < 3.13.6 (python); Affected: 3.14.0a1 , < 3.14.0rc2 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T18:57:54.114655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T18:57:59.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:06:48.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/28/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/28/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.10.19",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.12",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.6",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0rc2",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alexander Urieles"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Ethan Furman"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Steve Dower"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a defect in the CPython \u201ctarfile\u201d module affecting the \u201cTarFile\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \u003cbr\u003e\u003cbr\u003eThis vulnerability can be mitigated by including the following patch after importing the \u201ctarfile\u201d module:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\"\u003ehttps://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\u003c/a\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "There is a defect in the CPython \u201ctarfile\u201d module affecting the \u201cTarFile\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \n\nThis vulnerability can be mitigated by including the following patch after importing the \u201ctarfile\u201d module:\u00a0 https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:17:39.595Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/130577"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/137027"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe"
},
{
"tags": [
"mitigation"
],
"url": "https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tarfile infinite loop during parsing with negative member offset",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-8194",
"datePublished": "2025-07-28T18:42:44.847Z",
"dateReserved": "2025-07-25T14:05:55.899Z",
"dateUpdated": "2026-04-21T20:17:39.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-8194",
"date": "2026-06-06",
"epss": "0.01007",
"percentile": "0.77443"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-8194\",\"sourceIdentifier\":\"cna@python.org\",\"published\":\"2025-07-28T19:15:43.793\",\"lastModified\":\"2025-11-04T22:16:44.687\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a defect in the CPython \u201ctarfile\u201d module affecting the \u201cTarFile\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \\n\\nThis vulnerability can be mitigated by including the following patch after importing the \u201ctarfile\u201d module:\u00a0 https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\"},{\"lang\":\"es\",\"value\":\"Existe un defecto en el m\u00f3dulo \\\"tarfile\\\" de CPython que afecta a las API de extracci\u00f3n y enumeraci\u00f3n de entradas de \\\"TarFile\\\". La implementaci\u00f3n de tar procesaba archivos tar con desplazamientos negativos sin errores, lo que resultaba en un bucle infinito y un bloqueo durante el an\u00e1lisis de archivos tar manipulados con fines maliciosos. 
Esta vulnerabilidad se puede mitigar incluyendo el siguiente parche despu\u00e9s de importar el m\u00f3dulo \\\"tarfile\\\": import tarfile def _block_patched(self, count): if count \u0026lt; 0: # pragma: no cover raise tarfile.InvalidHeaderError(\\\"invalid offset\\\") return _block_patched._orig_block(self, count) _block_patched._orig_block = tarfile.TarInfo._block tarfile.TarInfo._block = _block_patched\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@python.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cna@python.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"references\":[{\"url\":\"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commi
t/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/issues/130577\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/pull/137027\",\"source\":\"cna@python.org\"},{\"url\":\"https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/\",\"source\":\"cna@python.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/07/28/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/07/28/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/07/28/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/07/28/2\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T22:06:48.390Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-8194\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-28T18:57:54.114655Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-28T18:57:56.132Z\"}}], \"cna\": {\"title\": \"Tarfile infinite loop during parsing with negative member offset\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Alexander Urieles\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Seth Larson\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Ethan Furman\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Steve Dower\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/python/cpython\", \"vendor\": \"Python Software Foundation\", \"product\": \"CPython\", 
\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.10.19\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.11.0\", \"lessThan\": \"3.11.14\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.12.0\", \"lessThan\": \"3.12.12\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.13.0\", \"lessThan\": \"3.13.6\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.14.0a1\", \"lessThan\": \"3.14.0rc2\", \"versionType\": \"python\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/python/cpython/issues/130577\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/python/cpython/pull/137027\", \"tags\": [\"patch\"]}, {\"url\": \"https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe\", \"tags\": [\"patch\"]}, {\"url\": \"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\", \"tags\": [\"mitigation\"]}, {\"url\": \"https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": 
\"en\", \"value\": \"There is a defect in the CPython \\u201ctarfile\\u201d module affecting the \\u201cTarFile\\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \\n\\nThis vulnerability can be mitigated by including the following patch after importing the \\u201ctarfile\\u201d module:\\u00a0 https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There is a defect in the CPython \\u201ctarfile\\u201d module affecting the \\u201cTarFile\\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \u003cbr\u003e\u003cbr\u003eThis vulnerability can be mitigated by including the following patch after importing the \\u201ctarfile\\u201d module:\u0026nbsp;\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\\\"\u003ehttps://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\u003c/a\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-835\", \"description\": \"CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"shortName\": \"PSF\", \"dateUpdated\": \"2026-04-21T20:17:39.595Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-8194\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-21T20:17:39.595Z\", \"dateReserved\": \"2025-07-25T14:05:55.899Z\", \"assignerOrgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"datePublished\": \"2025-07-28T18:42:44.847Z\", \"assignerShortName\": \"PSF\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2025-8194
Vulnerability from fkie_nvd - Published: 2025-07-28 19:15 - Updated: 2026-04-15 00:35
| Vendor | Product | Version |
|---|---|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a defect in the CPython \u201ctarfile\u201d module affecting the \u201cTarFile\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \n\nThis vulnerability can be mitigated by including the following patch after importing the \u201ctarfile\u201d module:\u00a0 https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1"
},
{
"lang": "es",
"value": "Existe un defecto en el m\u00f3dulo \"tarfile\" de CPython que afecta a las API de extracci\u00f3n y enumeraci\u00f3n de entradas de \"TarFile\". La implementaci\u00f3n de tar procesaba archivos tar con desplazamientos negativos sin errores, lo que resultaba en un bucle infinito y un bloqueo durante el an\u00e1lisis de archivos tar manipulados con fines maliciosos. Esta vulnerabilidad se puede mitigar incluyendo el siguiente parche despu\u00e9s de importar el m\u00f3dulo \"tarfile\": import tarfile def _block_patched(self, count): if count \u0026lt; 0: # pragma: no cover raise tarfile.InvalidHeaderError(\"invalid offset\") return _block_patched._orig_block(self, count) _block_patched._orig_block = tarfile.TarInfo._block tarfile.TarInfo._block = _block_patched"
}
],
"id": "CVE-2025-8194",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cna@python.org",
"type": "Secondary"
}
]
},
"published": "2025-07-28T19:15:43.793",
"references": [
{
"source": "cna@python.org",
"url": "https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/issues/130577"
},
{
"source": "cna@python.org",
"url": "https://github.com/python/cpython/pull/137027"
},
{
"source": "cna@python.org",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2025/07/28/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2025/07/28/2"
}
],
"sourceIdentifier": "cna@python.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "cna@python.org",
"type": "Secondary"
}
]
}
GHSA-V594-44HM-2J7P
Vulnerability from github – Published: 2025-07-28 21:31 – Updated: 2025-11-05 00:31
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.
This vulnerability can be mitigated by including the following patch after importing the “tarfile” module:
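import tarfile


def _block_patched(self, count):
    """Reject a negative block count before delegating to the original TarInfo._block.

    This wrapper is installed over ``tarfile.TarInfo._block`` by the two
    assignments below. It is the interim mitigation for CVE-2025-8194 quoted
    in this advisory: a negative ``count`` raises ``tarfile.InvalidHeaderError``
    instead of being passed on, and any other value is forwarded unchanged to
    the original method, whose return value is returned as-is.

    Args:
        self: the ``TarInfo`` instance the method is invoked on.
        count: byte count taken from a tar member header.

    Raises:
        tarfile.InvalidHeaderError: if ``count`` is negative.
    """
    if count < 0:  # pragma: no cover
        raise tarfile.InvalidHeaderError("invalid offset")
    # _orig_block is attached to the function object below, so the wrapper
    # keeps a reference to the unpatched implementation without a global.
    return _block_patched._orig_block(self, count)


# Save the original method on the wrapper, then install the wrapper on the class.
_block_patched._orig_block = tarfile.TarInfo._block
tarfile.TarInfo._block = _block_patched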
{
"affected": [],
"aliases": [
"CVE-2025-8194"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-28T19:15:43Z",
"severity": "HIGH"
},
"details": "There is a defect in the CPython \u201ctarfile\u201d module affecting the \u201cTarFile\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \n\nThis vulnerability can be mitigated by including the following patch after importing the \u201ctarfile\u201d module:\n\n\n\nimport tarfile\n\ndef _block_patched(self, count):\n\u00a0 \u00a0 if count \u003c 0: # pragma: no cover\n\u00a0 \u00a0 \u00a0 \u00a0 raise tarfile.InvalidHeaderError(\"invalid offset\")\n\u00a0 \u00a0 return _block_patched._orig_block(self, count)\n\n_block_patched._orig_block = tarfile.TarInfo._block\ntarfile.TarInfo._block = _block_patched",
"id": "GHSA-v594-44hm-2j7p",
"modified": "2025-11-05T00:31:23Z",
"published": "2025-07-28T21:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/130577"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/137027"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227"
},
{
"type": "WEB",
"url": "https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/28/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/28/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2025-8194
Vulnerability from csaf_microsoft - Published: 2025-07-02 00:00 - Updated: 2026-02-21 04:18
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 19968-17084 | — | | |
| Unresolved product id: 19533-17086 | — | | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-4 | — | | |
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8194 Tarfile infinite loop during parsing with negative member offset - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-8194.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Tarfile infinite loop during parsing with negative member offset",
"tracking": {
"current_release_date": "2026-02-21T04:18:39.000Z",
"generator": {
"date": "2026-02-25T08:57:13.479Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-8194",
"initial_release_date": "2025-07-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-04T02:31:30.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-21T04:18:39.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "cbl2 python3 3.9.19-14",
"product": {
"name": "cbl2 python3 3.9.19-14",
"product_id": "1"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python3 3.12.9-4",
"product": {
"name": "\u003cazl3 python3 3.12.9-4",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 python3 3.12.9-4",
"product": {
"name": "azl3 python3 3.12.9-4",
"product_id": "19968"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 python3 3.9.19-14",
"product": {
"name": "\u003ccbl2 python3 3.9.19-14",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 python3 3.9.19-14",
"product": {
"name": "cbl2 python3 3.9.19-14",
"product_id": "19533"
}
}
],
"category": "product_name",
"name": "python3"
},
{
"category": "product_name",
"name": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "azl3 tensorflow 2.16.1-9",
"product_id": "4"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python3 3.9.19-14 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python3 3.12.9-4 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python3 3.12.9-4 as a component of Azure Linux 3.0",
"product_id": "19968-17084"
},
"product_reference": "19968",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 python3 3.9.19-14 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python3 3.9.19-14 as a component of CBL Mariner 2.0",
"product_id": "19533-17086"
},
"product_reference": "19533",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0026#39;Infinite Loop\u0026#39;)"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-4"
]
}
],
"notes": [
{
"category": "general",
"text": "PSF",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19968-17084",
"19533-17086"
],
"known_affected": [
"17086-1",
"17084-2",
"17086-3"
],
"known_not_affected": [
"17084-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8194 Tarfile infinite loop during parsing with negative member offset - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-8194.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2025-09-04T02:31:30.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-1"
]
},
{
"category": "vendor_fix",
"date": "2025-09-04T02:31:30.000Z",
"details": "3.12.9-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-09-04T02:31:30.000Z",
"details": "3.9.19-15:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17086-1",
"17084-2",
"17086-3"
]
}
],
"title": "Tarfile infinite loop during parsing with negative member offset"
}
]
}
NCSC-2026-0021
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:19 - Updated: 2026-01-21 09:19
Recent updates for Python 3 address multiple vulnerabilities, including denial-of-service risks in the tarfile module and in HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Recent vulnerabilities in Oracle NoSQL Database and Apache Parquet allow for significant security risks, including arbitrary code execution and database compromise, affecting versions 1.5 and 1.6 of Oracle NoSQL and 1.15.0 and earlier of Apache Parquet.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Apache Spark versions prior to 4.0.0, 3.5.2, and 3.4.4 have a vulnerability due to insecure RPC encryption, while Oracle GoldenGate Stream Analytics versions 19.1.0.0.0-19.1.0.0.11 allow unauthorized data access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
A vulnerability in Oracle GoldenGate's JDBC Driver for SQL Server (versions 21.3-21.20 and 23.4-23.10) allows unauthenticated attackers to exploit improper input validation, posing significant confidentiality and integrity risks with a CVSS score of 8.1.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Netty's SMTP codec has a command injection vulnerability allowing email forgery, while Oracle GoldenGate Big Data and Application Adapters are susceptible to denial of service attacks by low-privileged users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Vulnerabilities in Oracle GraalVM for JDK and the GraalVM Multilingual Engine of Oracle Database Server allow unauthorized data access, with CVSS scores of 3.7 and 3.1, respectively.
CWE-862 - Missing Authorization
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions 2.4.0 to 2.4.65 expose systems to unauthorized data manipulation, denial of service, and sensitive information disclosure through various exploitation methods.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Multiple vulnerabilities in lz4-java (1.10.0 and earlier) and Oracle Essbase (21.8.0.0.0) allow unauthorized access and sensitive data disclosure due to insufficient buffer clearing and unauthenticated access, respectively.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
The `io.netty.handler.codec.http.HttpRequestEncoder` is vulnerable to CRLF injection in the request URI, leading to request smuggling, while the Oracle Graal Development Kit for Micronaut has an exploitable vulnerability affecting specific versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle's Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
A vulnerability in Oracle APEX Sample Applications allows low-privileged attackers to compromise applications, leading to unauthorized data access and modifications across several supported versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
A vulnerability in Oracle Database Server's SQLcl component (versions 23.4.0-23.26.0) allows unauthenticated attackers to compromise SQLcl with human interaction, rated with a CVSS 3.1 Base Score of 7.0.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
A vulnerability in the Java VM component of Oracle Database Server versions 19.3-19.29 and 21.3-21.20 allows high-privileged authenticated users to potentially cause a denial of service, with a CVSS score of 4.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
A vulnerability in Oracle Zero Data Loss Recovery Appliance Software (versions 23.1.0-23.1.202509) allows unauthenticated attackers to potentially gain unauthorized read access to data, with a CVSS score of 3.1.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Core RDBMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Essbase
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fleet Patching and Provisioning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GoldenGate Big Data and Application Adapters
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Goldengate Stream Analytics
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / GraalVM
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Graph Server And Client
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Java Virtual Machine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / NoSQL Database
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle APEX Sample Applications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Database Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Graal Development Kit for Micronaut
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Zero Data Loss Recovery Appliance Software
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / SQLcl
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Secure Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Spatial and Graph
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability to use this security advisory. This includes damage resulting from the inaccuracy or incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Database Server producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Oracle Database Server stellen niet-geauthenticeerde aanvallers in staat om de integriteit en vertrouwelijkheid van gegevens te compromitteren. Dit kan leiden tot ongeautoriseerde toegang tot gevoelige data en zelfs een mogelijke overname van de SQLcl-component. ",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"title": "CWE-93"
},
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "general",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
},
{
"category": "general",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Database Server producten",
"tracking": {
"current_release_date": "2026-01-21T09:19:00.000449Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0021",
"initial_release_date": "2026-01-21T09:19:00.000449Z",
"revision_history": [
{
"date": "2026-01-21T09:19:00.000449Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Core RDBMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Essbase"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Fleet Patching and Provisioning"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "GoldenGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "GoldenGate Big Data and Application Adapters"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Goldengate Stream Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "GraalVM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Graph Server And Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Java Virtual Machine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "NoSQL Database"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle APEX Sample Applications"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Graal Development Kit for Micronaut"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Zero Data Loss Recovery Appliance Software"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "SQLcl"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Secure Backup"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Spatial and Graph"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "CVE-2025-8194 is a denial-of-service flaw in the CPython tarfile module: a crafted archive can drive the parser into an infinite loop (CWE-835). Fixes are available for the affected 3.x branches. The HTML-parsing and deadlock issues mentioned in the same set of Python updates appear to be tracked separately and are not covered by this CVE identifier.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8194 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8194.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-8194"
},
{
"cve": "CVE-2025-12383",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may silently ignore critical SSL/TLS client configuration due to a race condition (CWE-362), so connections may be established with weaker settings than those configured.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-12383 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-12383.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-30065",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "CVE-2025-30065 is a deserialization-of-untrusted-data flaw (CWE-502) in Apache Parquet 1.15.0 and earlier that can lead to arbitrary code execution; Oracle NoSQL Database versions 1.5 and 1.6 are listed as affected (presumably because they bundle the vulnerable component) and are therefore exposed to full database compromise. The CVSS 3.1 vector (network, low complexity, no privileges, no user interaction) indicates an unauthenticated remote attack path.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30065 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-30065.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-30065"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-54874",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "Two distinct issues are combined in this entry: Oracle Fusion Middleware has a critical vulnerability (CVSS 3.1 score 9.8, network, unauthenticated), while OpenJPEG versions 2.5.1 to 2.5.3 contain an uninitialized-variable flaw (CWE-457) leading to out-of-bounds heap memory writes. Note that the CVSS 4.0 vector listed for this entry is local (AV:L) with an attack precondition (AT:P), so the 9.8 score appears to rate the Oracle product exposure rather than the OpenJPEG flaw itself.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54874 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54874.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54874"
},
{
"cve": "CVE-2025-55039",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "other",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
},
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Spark versions prior to 4.0.0, 3.5.2, and 3.4.4 use an inadequate encryption scheme for RPC traffic (CWE-326) together with improper verification of cryptographic signatures (CWE-347), weakening the protection of RPC traffic between Spark components; separately, Oracle GoldenGate Stream Analytics versions 19.1.0.0.0-19.1.0.0.11 allow unauthorized data access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55039 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55039.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-55039"
},
{
"cve": "CVE-2025-59250",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "A vulnerability in Oracle GoldenGate\u0027s JDBC Driver for SQL Server (versions 21.3-21.20 and 23.4-23.10) allows unauthenticated network attackers to exploit improper input validation (CWE-20), posing significant confidentiality and integrity risks (CVSS 3.1 score 8.1). Exploitation requires user interaction (UI:R in the CVSS vector), so the attack depends on a victim taking some action.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59250 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59250.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-59250"
},
{
"cve": "CVE-2025-59419",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"title": "CWE-93"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Netty\u0027s SMTP codec fails to neutralize CRLF sequences (CWE-93), allowing injection of additional SMTP commands (command injection, CWE-78) and therefore email forgery when attacker-controlled data reaches the codec; separately, Oracle GoldenGate Big Data and Application Adapters are susceptible to denial of service attacks by low-privileged users.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59419 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59419.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-59419"
},
{
"cve": "CVE-2025-61755",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "Vulnerabilities in Oracle GraalVM for JDK and the GraalVM Multilingual Engine of Oracle Database Server allow unauthorized data access, with CVSS scores of 3.7 and 3.1, respectively.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61755 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61755.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-61755"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have vulnerabilities that can result in denial of service, stemming from improper resource shutdown or release (CWE-404) and reachable via HTTP access; multiple versions are affected and updates are required. Note that this entry is rated MEDIUM (CVSS 3.1 base score 5.3, requiring low privileges and high attack complexity), not critical.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-65082",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions 2.4.0 to 2.4.65 expose systems to unauthorized data manipulation, denial of service, and sensitive information disclosure through various exploitation methods.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65082 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65082.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-65082"
},
{
"cve": "CVE-2025-66566",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "Multiple vulnerabilities in lz4-java (1.10.0 and earlier) and Oracle Essbase (21.8.0.0.0) allow unauthorized access and sensitive data disclosure: lz4-java insufficiently clears internal buffers (use of uninitialized resource, CWE-908), which may leak data left over from previous operations into output, while Oracle Essbase permits unauthenticated access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66566 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66566.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-66566"
},
{
"cve": "CVE-2025-67735",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"title": "CWE-93"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "The `io.netty.handler.codec.http.HttpRequestEncoder` does not neutralize CRLF sequences in the request URI (CWE-93), so an application that builds a URI from untrusted input can be made to emit additional headers or a second request (request smuggling/splitting); separately, the Oracle Graal Development Kit for Micronaut has an exploitable vulnerability affecting specific versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-67735 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-67735.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-67735"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender (CWE-297/CWE-295), which may allow a network attacker presenting an otherwise trusted certificate to intercept forwarded log data; separately, Oracle\u0027s Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2026-21931",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle APEX Sample Applications allows low-privileged attackers to compromise applications, leading to unauthorized data access and modifications across several supported versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21931 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21931.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2026-21931"
},
{
"cve": "CVE-2026-21939",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Database Server\u0027s SQLcl component (versions 23.4.0-23.26.0) allows an unprivileged local attacker to compromise SQLcl, but only with user interaction (CVSS 3.1 vector AV:L/AC:H/PR:N/UI:R, base score 7.0). Note that the CVSS 4.0 vector listed for this entry (PR:L/UI:N) does not agree with the 3.1 vector on privileges and user interaction; consult the Oracle advisory for the authoritative rating.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21939 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21939.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2026-21939"
},
{
"cve": "CVE-2026-21975",
"notes": [
{
"category": "description",
"text": "A vulnerability in the Java VM component of Oracle Database Server versions 19.3-19.29 and 21.3-21.20 allows a high-privileged authenticated network user to cause a denial of service; exploitation also requires user interaction (UI:R), which is reflected in the CVSS 3.1 score of 4.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21975 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21975.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2026-21975"
},
{
"cve": "CVE-2026-21977",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Zero Data Loss Recovery Appliance Software (versions 23.1.0-23.1.202509) allows unauthenticated network attackers to gain unauthorized read access to a subset of data; attack complexity is high and user interaction is required (CVSS 3.1 vector AV:N/AC:H/PR:N/UI:R, base score 3.1).",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21977 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21977.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2026-21977"
}
]
}
NCSC-2026-0022
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:25 - Updated: 2026-01-21 09:25. Multiple vulnerabilities across Oracle Communications products and GNU libtasn1 could allow unauthenticated attackers to cause a partial denial of service; the affected entries carry a CVSS score of 5.3.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Vulnerabilities in Oracle Communications Unified Assurance and Apache Subversion, including denial-of-service risks and insufficient filename validation, affect multiple versions of each product.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities, including the 'MadeYouReset' attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities across MySQL Workbench, Oracle Communications Policy Management, and libssh could allow disclosure of sensitive data and compromise of data integrity, with CVSS scores of 5.4 and moderate severity for certain libssh flaws.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities in Oracle Communications products and libssh could allow low privileged attackers to manipulate data, disclose sensitive information, or cause system disruptions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities have been identified across various products, including Bouncy Castle for Java, Oracle Communications, and Siebel CRM, allowing for excessive resource allocation and potential denial of service by unauthenticated attackers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Policy Management and Libtiff, including a critical flaw in Libtiff allowing memory manipulation, pose significant risks to system integrity and confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent updates reveal critical vulnerabilities in Netty and various Oracle products, primarily leading to denial-of-service risks due to unsafe file handling, some of which are exploitable by low-privileged attackers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Oracle Database Server and Oracle GoldenGate include Security-in-Depth fixes for Dell BSAFE Crypto-J issues that are not exploitable in the context of those products, although error messages may expose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow unauthenticated attackers to exploit denial of service (DoS) conditions through various network access methods, affecting several versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Cloud Native Session Border Controller, Oracle Communications Unified Inventory Management, and GnuTLS, allowing for denial of service and unauthorized data access or modification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications products and GnuTLS's certtool utility expose systems to denial-of-service and unauthorized data access, with CVSS scores of 8.2 for Oracle and critical heap buffer overflow issues in GnuTLS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Rack and Oracle Communications Unified Assurance allow denial of service through unbounded parameter parsing and unauthenticated HTTP requests, affecting multiple versions and leading to potential memory exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Cloud Native Session Border Controller and the jq command-line JSON processor expose systems to denial of service attacks, with significant severity ratings.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Redis versions 8.2.1 and below, along with Valkey version 8.0.6, have vulnerabilities in the Lua scripting engine that can lead to remote code execution; fixes are available in newer versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities across various products, including the `BrotliDecoder`, Oracle Communications Cloud Native Core Policy, and HPE Telco Intelligent Assurance, can lead to denial of service (DoS) through excessive resource allocation or malformed inputs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions prior to 2.4.66 expose systems to unauthorized access and denial of service risks, with CVSS scores indicating moderate severity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues such as improper resource shutdown and exploitation via HTTP access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Vulnerabilities in js-yaml and Oracle Communications Unified Assurance products allow for prototype pollution and system compromise, respectively, with specific versions affected and available patches.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle's Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy or incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Communications producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen aanvallers in staat om ongeautoriseerde toegang te krijgen tot het systeem, wat kan leiden tot gegevensmanipulatie en gedeeltelijke denial-of-service. De aanvallers kunnen deze kwetsbaarheden misbruiken via HTTP-verzoeken, wat mogelijk resulteert in een significante impact op de beschikbaarheid en integriteit van de gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "general",
"text": "Return of Wrong Status Code",
"title": "CWE-393"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications producten",
"tracking": {
"current_release_date": "2026-01-21T09:25:39.876330Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0022",
"initial_release_date": "2026-01-21T09:25:39.876330Z",
"revision_history": [
{
"date": "2026-01-21T09:25:39.876330Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Communications"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Cloud Native Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Communications ASAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Communications BRM - Elastic Charging Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Communications Billing and Revenue Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Communications Element Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Communications IP Service Activator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Analytics Data Director"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Integrity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Communications Operations Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Communications Order and Service Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Communications Policy Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Communications Pricing Design Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Report Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Assurance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Inventory Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Communications Broker"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Communications products and GNU libtasn1 versions could allow unauthenticated attackers to execute partial denial of service attacks, with CVSS scores of 5.3 for affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-46901",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Subversion, including denial-of-service risks and insufficient filename validation, highlight critical security concerns across multiple versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-46901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-46901.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2024-46901"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across MySQL Workbench, Oracle Communications Policy Management, and libssh expose sensitive data and integrity risks, with CVSS scores of 5.4 and moderate severity for certain libssh flaws.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5987",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"notes": [
{
"category": "other",
"text": "Return of Wrong Status Code",
"title": "CWE-393"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Communications products and libssh could allow low privileged attackers to manipulate data, disclose sensitive information, or cause system disruptions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5987 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5987.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5987"
},
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8194 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8194.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-8194"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various products, including Bouncy Castle for Java, Oracle Communications, and Siebel CRM, allowing for excessive resource allocation and potential denial of service by unauthenticated attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9900",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"notes": [
{
"category": "other",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Policy Management and Libtiff, including a critical flaw in Libtiff allowing memory manipulation, pose significant risks to system integrity and confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9900 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-9900"
},
{
"cve": "CVE-2025-25193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates reveal critical vulnerabilities in Netty and various Oracle products, primarily leading to denial-of-service risks due to unsafe file handling and exploitability by low-privileged attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25193 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25193.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-25193"
},
{
"cve": "CVE-2025-26333",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "description",
"text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26333 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-26333"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow unauthenticated attackers to exploit denial of service (DoS) conditions through various network access methods, affecting several versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-32988",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Cloud Native Session Border Controller, Oracle Communications Unified Inventory Management, and GnuTLS, allowing for denial of service and unauthorized data access or modification.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-32988"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications products and GnuTLS\u0027s certtool utility expose systems to denial-of-service and unauthorized data access, with CVSS scores of 8.2 for Oracle and critical heap buffer overflow issues in GnuTLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-32990"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-46727",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Recent vulnerabilities in Rack and Oracle Communications Unified Assurance allow denial of service through unbounded parameter parsing and unauthenticated HTTP requests, affecting multiple versions and leading to potential memory exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46727 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46727.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-46727"
},
{
"cve": "CVE-2025-48060",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Cloud Native Session Border Controller and the jq command-line JSON processor expose systems to denial of service attacks, with significant severity ratings.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48060 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48060.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48060"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-49844",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Redis versions 8.2.1 and below, along with valkey version 8.0.6, have vulnerabilities in the Lua scripting engine that can lead to remote code execution, with fixes available in newer versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49844 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49844.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-49844"
},
{
"cve": "CVE-2025-54571",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54571 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-54571"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various products, including the `BrotliDecoder`, Oracle Communications Cloud Native Core Policy, and HPE Telco Intelligent Assurance, can lead to denial of service (DoS) through excessive resource allocation or malformed inputs.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-58098",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions prior to 2.4.66 expose systems to unauthorized access and denial of service risks, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58098 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58098.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-58098"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical Denial of Service (DoS) vulnerabilities affecting multiple versions; updates are required to address issues such as improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-64718",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "description",
"text": "Vulnerabilities in js-yaml and Oracle Communications Unified Assurance products allow for prototype pollution and system compromise, respectively, with specific versions affected and available patches.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-64718 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64718.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65018 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65018.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66418 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66418.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle\u0027s Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-68161"
}
]
}
NCSC-2026-0127
Vulnerability from csaf_ncscnl - Published: 2026-04-22 14:10 - Updated: 2026-04-22 14:10
A vulnerability in Oracle PeopleSoft Enterprise HCM Shared Components 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access, with a CVSS 3.1 score of 5.4.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise HCM Absence Management 9.2 allows a high-privileged attacker with network access to exploit the system via HTTP, potentially causing unauthorized data modification with a CVSS 3.1 score of 6.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise PeopleTools Portal versions 8.61-8.62 allows unauthenticated network attackers to perform unauthorized read and write operations on accessible data, with a CVSS 3.1 base score of 6.1.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 to 8.62 allows a high-privileged attacker with network access to modify data, read sensitive information, and cause partial denial of service, rated CVSS 3.1 score 6.6.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources 9.2 allows a high-privileged attacker with HTTP network access to create, delete, or modify critical data, with a CVSS 3.1 base score of 6.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical or all accessible data, with a CVSS 3.1 base score of 6.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise FIN Contracts 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5 for confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise FIN Project Costing 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise PeopleTools Workflow (versions 8.61-8.62) allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access to certain data, with a CVSS 3.1 score of 5.4.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A high-severity vulnerability in Oracle PeopleSoft Enterprise PeopleTools 8.61-8.62 allows low-privileged attackers with network access to manipulate critical data via HTTP, with a CVSS 3.1 score of 8.1.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise CS Student Records 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 5.7.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
Multiple Python releases, covering versions 3.6 through 3.13, address denial-of-service vulnerabilities caused by infinite loops and deadlocks in the tarfile module when processing tar archives with negative offsets, alongside fixes for other security and stability issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A curl vulnerability (CVE-2025-14017) allows TLS option changes in one thread during multithreaded LDAPS transfers to affect other threads globally, potentially disabling certificate verification, alongside other security issues in libcurl and a MySQL Enterprise Backup flaw.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
OpenSSL 3.x contains a stack buffer overflow vulnerability in CMS AuthEnvelopedData parsing with AEAD ciphers that can cause denial of service or remote code execution, affecting multiple vendors including Red Hat and NetApp, but not OpenSSL 1.1.1, 1.0.2, or FIPS modules.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
libheif versions prior to 1.19.6 contain a NULL pointer dereference vulnerability in ImageItem_Grid::get_decoder, affecting Oracle Hyperion Financial Reporting 11.2.23 and Oracle PeopleSoft Enterprise PeopleTools 8.61-8.62, enabling unauthenticated denial of service attacks with a CVSS score of 7.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
Axios versions prior to 1.12.0 on Node.js improperly handle data: scheme URLs by decoding entire payloads into memory without size validation, enabling denial of service via unbounded memory allocation, alongside other vulnerabilities in HPE and Oracle products.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
urllib3 versions prior to 2.6.0 contain a vulnerability allowing unbounded decompression chains in HTTP responses, leading to excessive CPU and memory usage and resulting in Denial of Service conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
Multiple vulnerabilities affect Apache Log4j Core (versions 2.0-beta9 to 2.25.2), which lacks TLS hostname verification in the Socket Appender; Oracle Primavera Gateway (versions 21.12.0-21.12.16), which has a TLS vulnerability; and IBM Db2 Server (versions 11.5.0-11.5.9 and 12.1.0-12.1.4), which has potential data disclosure or modification issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access to certain data, with a CVSS 3.1 score of 5.4.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy or incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en deze te wijzigen. Daarbij kunnen de kwetsbaarheden leiden tot een denial-of-service van de betreffende producten.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle PeopleSoft",
"tracking": {
"current_release_date": "2026-04-22T14:10:36.199130Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0127",
"initial_release_date": "2026-04-22T14:10:36.199130Z",
"revision_history": [
{
"date": "2026-04-22T14:10:36.199130Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "PeopleSoft"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise CC Common Application Objects"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise FIN Contracts"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise PeopleTools"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise SCM Purchasing"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise CS Student Records"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise HCM Human Resources"
}
],
"category": "vendor",
"name": "Oracle Corporation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22019",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise HCM Shared Components 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access, with a CVSS 3.1 score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22019 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22019.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-22019"
},
{
"cve": "CVE-2026-34266",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise HCM Absence Management 9.2 allows a high-privileged attacker with network access to exploit the system via HTTP, potentially causing unauthorized data modification with a CVSS 3.1 score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34266 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34266.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34266"
},
{
"cve": "CVE-2026-34269",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise PeopleTools Portal versions 8.61-8.62 allows unauthenticated network attackers to perform unauthorized read and write operations on accessible data, with a CVSS 3.1 base score of 6.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34269 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34269.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34269"
},
{
"cve": "CVE-2026-34277",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 to 8.62 allows a high-privileged attacker with network access to modify data, read sensitive information, and cause partial denial of service, rated CVSS 3.1 score 6.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34277 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34277.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34277"
},
{
"cve": "CVE-2026-34280",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources 9.2 allows a high-privileged attacker with HTTP network access to create, delete, or modify critical data, with a CVSS 3.1 base score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34280 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34280.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34280"
},
{
"cve": "CVE-2026-34295",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical or all accessible data, with a CVSS 3.1 base score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34295 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34295.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34295"
},
{
"cve": "CVE-2026-34299",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34299 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34299.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34299"
},
{
"cve": "CVE-2026-34300",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise FIN Contracts 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5 for confidentiality impact.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34300 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34300.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34300"
},
{
"cve": "CVE-2026-34301",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34301 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34301.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34301"
},
{
"cve": "CVE-2026-34306",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise FIN Project Costing 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34306 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34306.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34306"
},
{
"cve": "CVE-2026-34307",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise PeopleTools Workflow (versions 8.61-8.62) allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access to certain data, with a CVSS 3.1 score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34307 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34307.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34307"
},
{
"cve": "CVE-2026-34309",
"notes": [
{
"category": "description",
"text": "A high-severity vulnerability in Oracle PeopleSoft Enterprise PeopleTools 8.61-8.62 allows low-privileged attackers with network access to manipulate critical data via HTTP, with a CVSS 3.1 score of 8.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34309 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34309.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34309"
},
{
"cve": "CVE-2026-35241",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise CS Student Records 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized access to critical data, rated CVSS 3.1 base score 5.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-35241 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35241.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-35241"
},
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Multiple Python versions, including 3.6 through 3.13, have addressed denial of service vulnerabilities caused by infinite loops and deadlocks in the tarfile module when processing tar archives with negative offsets, alongside fixes for other security and stability issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8194 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8194.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-8194"
},
{
"cve": "CVE-2025-14017",
"cwe": {
"id": "CWE-567",
"name": "Unsynchronized Access to Shared Data in a Multithreaded Context"
},
"notes": [
{
"category": "other",
"text": "Unsynchronized Access to Shared Data in a Multithreaded Context",
"title": "CWE-567"
},
{
"category": "other",
"text": "Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element",
"title": "CWE-1058"
},
{
"category": "description",
"text": "A curl vulnerability (CVE-2025-14017) allows TLS option changes in one thread during multithreaded LDAPS transfers to affect other threads globally, potentially disabling certificate verification, alongside other security issues in libcurl and a MySQL Enterprise Backup flaw.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14017 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14017.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-14017"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "OpenSSL 3.x contains a stack buffer overflow vulnerability in CMS AuthEnvelopedData parsing with AEAD ciphers that can cause denial of service or remote code execution, affecting multiple vendors including Red Hat and NetApp, but not OpenSSL 1.1.1, 1.0.2, or FIPS modules.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-15467 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-15467.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-43967",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "libheif versions prior to 1.19.6 contain a NULL pointer dereference vulnerability in ImageItem_Grid::get_decoder, affecting Oracle Hyperion Financial Reporting 11.2.23 and Oracle PeopleSoft Enterprise PeopleTools 8.61-8.62, enabling unauthenticated denial of service attacks with a CVSS score of 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43967 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43967.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-43967"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Axios versions prior to 1.12.0 on Node.js improperly handle data: scheme URLs by decoding entire payloads into memory without size validation, enabling denial of service via unbounded memory allocation, alongside other vulnerabilities in HPE and Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58754 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58754.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-58754"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "urllib3 versions prior to 2.6.0 contain a vulnerability allowing unbounded decompression chains in HTTP responses, leading to excessive CPU and memory usage and resulting in Denial of Service conditions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66418 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66418.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "Multiple vulnerabilities affect Apache Log4j Core (versions 2.0-beta9 to 2.25.2) due to missing TLS hostname verification in the Socket Appender, Oracle Primavera Gateway (versions 21.12.0-21.12.16) with a TLS vulnerability, and IBM Db2 Server (versions 11.5.0-11.5.9 and 12.1.0-12.1.4) with potential data disclosure or modification issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2026-22006",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access to certain data, with a CVSS 3.1 score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22006 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-22006"
}
]
}
OPENSUSE-SU-2025:15402-1
Vulnerability from csaf_opensuse - Published: 2025-08-03 00:00 - Updated: 2025-08-03 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-3.10.18-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-3.10.18-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-3.10.18-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-3.10.18-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-curses-3.10.18-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-curses-3.10.18-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-curses-3.10.18-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-curses-3.10.18-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-idle-3.10.18-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-idle-3.10.18-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-idle-3.10.18-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-idle-3.10.18-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-tk-3.10.18-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-tk-3.10.18-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-tk-3.10.18-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-tk-3.10.18-4.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-3.10.18-4.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-3.10.18-4.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15402",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15402-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-8194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-8194/"
}
],
"title": "python310-3.10.18-4.1 on GA media",
"tracking": {
"current_release_date": "2025-08-03T00:00:00Z",
"generator": {
"date": "2025-08-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15402-1",
"initial_release_date": "2025-08-03T00:00:00Z",
"revision_history": [
{
"date": "2025-08-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-3.10.18-4.1.aarch64",
"product": {
"name": "python310-3.10.18-4.1.aarch64",
"product_id": "python310-3.10.18-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-32bit-3.10.18-4.1.aarch64",
"product": {
"name": "python310-32bit-3.10.18-4.1.aarch64",
"product_id": "python310-32bit-3.10.18-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.18-4.1.aarch64",
"product": {
"name": "python310-curses-3.10.18-4.1.aarch64",
"product_id": "python310-curses-3.10.18-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.18-4.1.aarch64",
"product": {
"name": "python310-dbm-3.10.18-4.1.aarch64",
"product_id": "python310-dbm-3.10.18-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.18-4.1.aarch64",
"product": {
"name": "python310-idle-3.10.18-4.1.aarch64",
"product_id": "python310-idle-3.10.18-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.18-4.1.aarch64",
"product": {
"name": "python310-tk-3.10.18-4.1.aarch64",
"product_id": "python310-tk-3.10.18-4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-3.10.18-4.1.ppc64le",
"product": {
"name": "python310-3.10.18-4.1.ppc64le",
"product_id": "python310-3.10.18-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-32bit-3.10.18-4.1.ppc64le",
"product": {
"name": "python310-32bit-3.10.18-4.1.ppc64le",
"product_id": "python310-32bit-3.10.18-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.18-4.1.ppc64le",
"product": {
"name": "python310-curses-3.10.18-4.1.ppc64le",
"product_id": "python310-curses-3.10.18-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.18-4.1.ppc64le",
"product": {
"name": "python310-dbm-3.10.18-4.1.ppc64le",
"product_id": "python310-dbm-3.10.18-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.18-4.1.ppc64le",
"product": {
"name": "python310-idle-3.10.18-4.1.ppc64le",
"product_id": "python310-idle-3.10.18-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.18-4.1.ppc64le",
"product": {
"name": "python310-tk-3.10.18-4.1.ppc64le",
"product_id": "python310-tk-3.10.18-4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-3.10.18-4.1.s390x",
"product": {
"name": "python310-3.10.18-4.1.s390x",
"product_id": "python310-3.10.18-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-32bit-3.10.18-4.1.s390x",
"product": {
"name": "python310-32bit-3.10.18-4.1.s390x",
"product_id": "python310-32bit-3.10.18-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.18-4.1.s390x",
"product": {
"name": "python310-curses-3.10.18-4.1.s390x",
"product_id": "python310-curses-3.10.18-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.18-4.1.s390x",
"product": {
"name": "python310-dbm-3.10.18-4.1.s390x",
"product_id": "python310-dbm-3.10.18-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.18-4.1.s390x",
"product": {
"name": "python310-idle-3.10.18-4.1.s390x",
"product_id": "python310-idle-3.10.18-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.18-4.1.s390x",
"product": {
"name": "python310-tk-3.10.18-4.1.s390x",
"product_id": "python310-tk-3.10.18-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-3.10.18-4.1.x86_64",
"product": {
"name": "python310-3.10.18-4.1.x86_64",
"product_id": "python310-3.10.18-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-32bit-3.10.18-4.1.x86_64",
"product": {
"name": "python310-32bit-3.10.18-4.1.x86_64",
"product_id": "python310-32bit-3.10.18-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.18-4.1.x86_64",
"product": {
"name": "python310-curses-3.10.18-4.1.x86_64",
"product_id": "python310-curses-3.10.18-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.18-4.1.x86_64",
"product": {
"name": "python310-dbm-3.10.18-4.1.x86_64",
"product_id": "python310-dbm-3.10.18-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.18-4.1.x86_64",
"product": {
"name": "python310-idle-3.10.18-4.1.x86_64",
"product_id": "python310-idle-3.10.18-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.18-4.1.x86_64",
"product": {
"name": "python310-tk-3.10.18-4.1.x86_64",
"product_id": "python310-tk-3.10.18-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-3.10.18-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-3.10.18-4.1.aarch64"
},
"product_reference": "python310-3.10.18-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-3.10.18-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-3.10.18-4.1.ppc64le"
},
"product_reference": "python310-3.10.18-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-3.10.18-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-3.10.18-4.1.s390x"
},
"product_reference": "python310-3.10.18-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-3.10.18-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-3.10.18-4.1.x86_64"
},
"product_reference": "python310-3.10.18-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-32bit-3.10.18-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.aarch64"
},
"product_reference": "python310-32bit-3.10.18-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-32bit-3.10.18-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.ppc64le"
},
"product_reference": "python310-32bit-3.10.18-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-32bit-3.10.18-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.s390x"
},
"product_reference": "python310-32bit-3.10.18-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-32bit-3.10.18-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.x86_64"
},
"product_reference": "python310-32bit-3.10.18-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-curses-3.10.18-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-curses-3.10.18-4.1.aarch64"
},
"product_reference": "python310-curses-3.10.18-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-curses-3.10.18-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-curses-3.10.18-4.1.ppc64le"
},
"product_reference": "python310-curses-3.10.18-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-curses-3.10.18-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-curses-3.10.18-4.1.s390x"
},
"product_reference": "python310-curses-3.10.18-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-curses-3.10.18-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-curses-3.10.18-4.1.x86_64"
},
"product_reference": "python310-curses-3.10.18-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-dbm-3.10.18-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.aarch64"
},
"product_reference": "python310-dbm-3.10.18-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-dbm-3.10.18-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.ppc64le"
},
"product_reference": "python310-dbm-3.10.18-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-dbm-3.10.18-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.s390x"
},
"product_reference": "python310-dbm-3.10.18-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-dbm-3.10.18-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.x86_64"
},
"product_reference": "python310-dbm-3.10.18-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-idle-3.10.18-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-idle-3.10.18-4.1.aarch64"
},
"product_reference": "python310-idle-3.10.18-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-idle-3.10.18-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-idle-3.10.18-4.1.ppc64le"
},
"product_reference": "python310-idle-3.10.18-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-idle-3.10.18-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-idle-3.10.18-4.1.s390x"
},
"product_reference": "python310-idle-3.10.18-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-idle-3.10.18-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-idle-3.10.18-4.1.x86_64"
},
"product_reference": "python310-idle-3.10.18-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tk-3.10.18-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-tk-3.10.18-4.1.aarch64"
},
"product_reference": "python310-tk-3.10.18-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tk-3.10.18-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-tk-3.10.18-4.1.ppc64le"
},
"product_reference": "python310-tk-3.10.18-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tk-3.10.18-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-tk-3.10.18-4.1.s390x"
},
"product_reference": "python310-tk-3.10.18-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tk-3.10.18-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-tk-3.10.18-4.1.x86_64"
},
"product_reference": "python310-tk-3.10.18-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-8194"
}
],
"notes": [
{
"category": "general",
"text": "There is a defect in the CPython \"tarfile\" module affecting the \"TarFile\" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \n\nThis vulnerability can be mitigated by including the following patch after importing the \"tarfile\" module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-curses-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-curses-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-curses-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-curses-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-idle-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-idle-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-idle-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-idle-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-tk-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-tk-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-tk-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-tk-3.10.18-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-8194",
"url": "https://www.suse.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "SUSE Bug 1247249 for CVE-2025-8194",
"url": "https://bugzilla.suse.com/1247249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-curses-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-curses-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-curses-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-curses-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-idle-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-idle-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-idle-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-idle-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-tk-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-tk-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-tk-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-tk-3.10.18-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-32bit-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-curses-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-curses-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-curses-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-curses-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-dbm-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-idle-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-idle-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-idle-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-idle-3.10.18-4.1.x86_64",
"openSUSE Tumbleweed:python310-tk-3.10.18-4.1.aarch64",
"openSUSE Tumbleweed:python310-tk-3.10.18-4.1.ppc64le",
"openSUSE Tumbleweed:python310-tk-3.10.18-4.1.s390x",
"openSUSE Tumbleweed:python310-tk-3.10.18-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-8194"
}
]
}
OPENSUSE-SU-2025:15403-1
Vulnerability from csaf_opensuse - Published: 2025-08-03 00:00 - Updated: 2025-08-03 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python314-3.14.0~rc1-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python314-3.14.0~rc1-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15403",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15403-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-8194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-8194/"
}
],
"title": "python314-3.14.0~rc1-2.1 on GA media",
"tracking": {
"current_release_date": "2025-08-03T00:00:00Z",
"generator": {
"date": "2025-08-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15403-1",
"initial_release_date": "2025-08-03T00:00:00Z",
"revision_history": [
{
"date": "2025-08-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python314-3.14.0~rc1-2.1.aarch64",
"product": {
"name": "python314-3.14.0~rc1-2.1.aarch64",
"product_id": "python314-3.14.0~rc1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-curses-3.14.0~rc1-2.1.aarch64",
"product": {
"name": "python314-curses-3.14.0~rc1-2.1.aarch64",
"product_id": "python314-curses-3.14.0~rc1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-dbm-3.14.0~rc1-2.1.aarch64",
"product": {
"name": "python314-dbm-3.14.0~rc1-2.1.aarch64",
"product_id": "python314-dbm-3.14.0~rc1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-idle-3.14.0~rc1-2.1.aarch64",
"product": {
"name": "python314-idle-3.14.0~rc1-2.1.aarch64",
"product_id": "python314-idle-3.14.0~rc1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-tk-3.14.0~rc1-2.1.aarch64",
"product": {
"name": "python314-tk-3.14.0~rc1-2.1.aarch64",
"product_id": "python314-tk-3.14.0~rc1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-x86-64-v3-3.14.0~rc1-2.1.aarch64",
"product": {
"name": "python314-x86-64-v3-3.14.0~rc1-2.1.aarch64",
"product_id": "python314-x86-64-v3-3.14.0~rc1-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python314-3.14.0~rc1-2.1.ppc64le",
"product": {
"name": "python314-3.14.0~rc1-2.1.ppc64le",
"product_id": "python314-3.14.0~rc1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-curses-3.14.0~rc1-2.1.ppc64le",
"product": {
"name": "python314-curses-3.14.0~rc1-2.1.ppc64le",
"product_id": "python314-curses-3.14.0~rc1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-dbm-3.14.0~rc1-2.1.ppc64le",
"product": {
"name": "python314-dbm-3.14.0~rc1-2.1.ppc64le",
"product_id": "python314-dbm-3.14.0~rc1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-idle-3.14.0~rc1-2.1.ppc64le",
"product": {
"name": "python314-idle-3.14.0~rc1-2.1.ppc64le",
"product_id": "python314-idle-3.14.0~rc1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-tk-3.14.0~rc1-2.1.ppc64le",
"product": {
"name": "python314-tk-3.14.0~rc1-2.1.ppc64le",
"product_id": "python314-tk-3.14.0~rc1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-x86-64-v3-3.14.0~rc1-2.1.ppc64le",
"product": {
"name": "python314-x86-64-v3-3.14.0~rc1-2.1.ppc64le",
"product_id": "python314-x86-64-v3-3.14.0~rc1-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python314-3.14.0~rc1-2.1.s390x",
"product": {
"name": "python314-3.14.0~rc1-2.1.s390x",
"product_id": "python314-3.14.0~rc1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-curses-3.14.0~rc1-2.1.s390x",
"product": {
"name": "python314-curses-3.14.0~rc1-2.1.s390x",
"product_id": "python314-curses-3.14.0~rc1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-dbm-3.14.0~rc1-2.1.s390x",
"product": {
"name": "python314-dbm-3.14.0~rc1-2.1.s390x",
"product_id": "python314-dbm-3.14.0~rc1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-idle-3.14.0~rc1-2.1.s390x",
"product": {
"name": "python314-idle-3.14.0~rc1-2.1.s390x",
"product_id": "python314-idle-3.14.0~rc1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-tk-3.14.0~rc1-2.1.s390x",
"product": {
"name": "python314-tk-3.14.0~rc1-2.1.s390x",
"product_id": "python314-tk-3.14.0~rc1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-x86-64-v3-3.14.0~rc1-2.1.s390x",
"product": {
"name": "python314-x86-64-v3-3.14.0~rc1-2.1.s390x",
"product_id": "python314-x86-64-v3-3.14.0~rc1-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python314-3.14.0~rc1-2.1.x86_64",
"product": {
"name": "python314-3.14.0~rc1-2.1.x86_64",
"product_id": "python314-3.14.0~rc1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-curses-3.14.0~rc1-2.1.x86_64",
"product": {
"name": "python314-curses-3.14.0~rc1-2.1.x86_64",
"product_id": "python314-curses-3.14.0~rc1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-dbm-3.14.0~rc1-2.1.x86_64",
"product": {
"name": "python314-dbm-3.14.0~rc1-2.1.x86_64",
"product_id": "python314-dbm-3.14.0~rc1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-idle-3.14.0~rc1-2.1.x86_64",
"product": {
"name": "python314-idle-3.14.0~rc1-2.1.x86_64",
"product_id": "python314-idle-3.14.0~rc1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-tk-3.14.0~rc1-2.1.x86_64",
"product": {
"name": "python314-tk-3.14.0~rc1-2.1.x86_64",
"product_id": "python314-tk-3.14.0~rc1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-x86-64-v3-3.14.0~rc1-2.1.x86_64",
"product": {
"name": "python314-x86-64-v3-3.14.0~rc1-2.1.x86_64",
"product_id": "python314-x86-64-v3-3.14.0~rc1-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-3.14.0~rc1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.aarch64"
},
"product_reference": "python314-3.14.0~rc1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-3.14.0~rc1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.ppc64le"
},
"product_reference": "python314-3.14.0~rc1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-3.14.0~rc1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.s390x"
},
"product_reference": "python314-3.14.0~rc1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-3.14.0~rc1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.x86_64"
},
"product_reference": "python314-3.14.0~rc1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-curses-3.14.0~rc1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.aarch64"
},
"product_reference": "python314-curses-3.14.0~rc1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-curses-3.14.0~rc1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.ppc64le"
},
"product_reference": "python314-curses-3.14.0~rc1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-curses-3.14.0~rc1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.s390x"
},
"product_reference": "python314-curses-3.14.0~rc1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-curses-3.14.0~rc1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.x86_64"
},
"product_reference": "python314-curses-3.14.0~rc1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-dbm-3.14.0~rc1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.aarch64"
},
"product_reference": "python314-dbm-3.14.0~rc1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-dbm-3.14.0~rc1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.ppc64le"
},
"product_reference": "python314-dbm-3.14.0~rc1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-dbm-3.14.0~rc1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.s390x"
},
"product_reference": "python314-dbm-3.14.0~rc1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-dbm-3.14.0~rc1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.x86_64"
},
"product_reference": "python314-dbm-3.14.0~rc1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-idle-3.14.0~rc1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.aarch64"
},
"product_reference": "python314-idle-3.14.0~rc1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-idle-3.14.0~rc1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.ppc64le"
},
"product_reference": "python314-idle-3.14.0~rc1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-idle-3.14.0~rc1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.s390x"
},
"product_reference": "python314-idle-3.14.0~rc1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-idle-3.14.0~rc1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.x86_64"
},
"product_reference": "python314-idle-3.14.0~rc1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-tk-3.14.0~rc1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.aarch64"
},
"product_reference": "python314-tk-3.14.0~rc1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-tk-3.14.0~rc1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.ppc64le"
},
"product_reference": "python314-tk-3.14.0~rc1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-tk-3.14.0~rc1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.s390x"
},
"product_reference": "python314-tk-3.14.0~rc1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-tk-3.14.0~rc1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.x86_64"
},
"product_reference": "python314-tk-3.14.0~rc1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-x86-64-v3-3.14.0~rc1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.aarch64"
},
"product_reference": "python314-x86-64-v3-3.14.0~rc1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-x86-64-v3-3.14.0~rc1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.ppc64le"
},
"product_reference": "python314-x86-64-v3-3.14.0~rc1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-x86-64-v3-3.14.0~rc1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.s390x"
},
"product_reference": "python314-x86-64-v3-3.14.0~rc1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-x86-64-v3-3.14.0~rc1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.x86_64"
},
"product_reference": "python314-x86-64-v3-3.14.0~rc1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-8194"
}
],
"notes": [
{
"category": "general",
"text": "There is a defect in the CPython \"tarfile\" module affecting the \"TarFile\" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \n\nThis vulnerability can be mitigated by including the following patch after importing the \"tarfile\" module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-8194",
"url": "https://www.suse.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "SUSE Bug 1247249 for CVE-2025-8194",
"url": "https://bugzilla.suse.com/1247249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-curses-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-dbm-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-idle-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-tk-3.14.0~rc1-2.1.x86_64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.aarch64",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.ppc64le",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.s390x",
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~rc1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-8194"
}
]
}
OPENSUSE-SU-2025:15404-1
Vulnerability from csaf_opensuse - Published: 2025-08-03 00:00 - Updated: 2025-08-03 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python39-3.9.23-4.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python39-3.9.23-4.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15404",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15404-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-8194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-8194/"
}
],
"title": "python39-3.9.23-4.1 on GA media",
"tracking": {
"current_release_date": "2025-08-03T00:00:00Z",
"generator": {
"date": "2025-08-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15404-1",
"initial_release_date": "2025-08-03T00:00:00Z",
"revision_history": [
{
"date": "2025-08-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python39-3.9.23-4.1.aarch64",
"product": {
"name": "python39-3.9.23-4.1.aarch64",
"product_id": "python39-3.9.23-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.23-4.1.aarch64",
"product": {
"name": "python39-curses-3.9.23-4.1.aarch64",
"product_id": "python39-curses-3.9.23-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.23-4.1.aarch64",
"product": {
"name": "python39-dbm-3.9.23-4.1.aarch64",
"product_id": "python39-dbm-3.9.23-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.23-4.1.aarch64",
"product": {
"name": "python39-idle-3.9.23-4.1.aarch64",
"product_id": "python39-idle-3.9.23-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.23-4.1.aarch64",
"product": {
"name": "python39-tk-3.9.23-4.1.aarch64",
"product_id": "python39-tk-3.9.23-4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-3.9.23-4.1.ppc64le",
"product": {
"name": "python39-3.9.23-4.1.ppc64le",
"product_id": "python39-3.9.23-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.23-4.1.ppc64le",
"product": {
"name": "python39-curses-3.9.23-4.1.ppc64le",
"product_id": "python39-curses-3.9.23-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.23-4.1.ppc64le",
"product": {
"name": "python39-dbm-3.9.23-4.1.ppc64le",
"product_id": "python39-dbm-3.9.23-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.23-4.1.ppc64le",
"product": {
"name": "python39-idle-3.9.23-4.1.ppc64le",
"product_id": "python39-idle-3.9.23-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.23-4.1.ppc64le",
"product": {
"name": "python39-tk-3.9.23-4.1.ppc64le",
"product_id": "python39-tk-3.9.23-4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-3.9.23-4.1.s390x",
"product": {
"name": "python39-3.9.23-4.1.s390x",
"product_id": "python39-3.9.23-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.23-4.1.s390x",
"product": {
"name": "python39-curses-3.9.23-4.1.s390x",
"product_id": "python39-curses-3.9.23-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.23-4.1.s390x",
"product": {
"name": "python39-dbm-3.9.23-4.1.s390x",
"product_id": "python39-dbm-3.9.23-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.23-4.1.s390x",
"product": {
"name": "python39-idle-3.9.23-4.1.s390x",
"product_id": "python39-idle-3.9.23-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.23-4.1.s390x",
"product": {
"name": "python39-tk-3.9.23-4.1.s390x",
"product_id": "python39-tk-3.9.23-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-3.9.23-4.1.x86_64",
"product": {
"name": "python39-3.9.23-4.1.x86_64",
"product_id": "python39-3.9.23-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.23-4.1.x86_64",
"product": {
"name": "python39-curses-3.9.23-4.1.x86_64",
"product_id": "python39-curses-3.9.23-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.23-4.1.x86_64",
"product": {
"name": "python39-dbm-3.9.23-4.1.x86_64",
"product_id": "python39-dbm-3.9.23-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.23-4.1.x86_64",
"product": {
"name": "python39-idle-3.9.23-4.1.x86_64",
"product_id": "python39-idle-3.9.23-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.23-4.1.x86_64",
"product": {
"name": "python39-tk-3.9.23-4.1.x86_64",
"product_id": "python39-tk-3.9.23-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.23-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-3.9.23-4.1.aarch64"
},
"product_reference": "python39-3.9.23-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.23-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-3.9.23-4.1.ppc64le"
},
"product_reference": "python39-3.9.23-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.23-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-3.9.23-4.1.s390x"
},
"product_reference": "python39-3.9.23-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.23-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-3.9.23-4.1.x86_64"
},
"product_reference": "python39-3.9.23-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.23-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-curses-3.9.23-4.1.aarch64"
},
"product_reference": "python39-curses-3.9.23-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.23-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-curses-3.9.23-4.1.ppc64le"
},
"product_reference": "python39-curses-3.9.23-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.23-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-curses-3.9.23-4.1.s390x"
},
"product_reference": "python39-curses-3.9.23-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.23-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-curses-3.9.23-4.1.x86_64"
},
"product_reference": "python39-curses-3.9.23-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.23-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.aarch64"
},
"product_reference": "python39-dbm-3.9.23-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.23-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.ppc64le"
},
"product_reference": "python39-dbm-3.9.23-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.23-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.s390x"
},
"product_reference": "python39-dbm-3.9.23-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.23-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.x86_64"
},
"product_reference": "python39-dbm-3.9.23-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.23-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-idle-3.9.23-4.1.aarch64"
},
"product_reference": "python39-idle-3.9.23-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.23-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-idle-3.9.23-4.1.ppc64le"
},
"product_reference": "python39-idle-3.9.23-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.23-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-idle-3.9.23-4.1.s390x"
},
"product_reference": "python39-idle-3.9.23-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.23-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-idle-3.9.23-4.1.x86_64"
},
"product_reference": "python39-idle-3.9.23-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.23-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-tk-3.9.23-4.1.aarch64"
},
"product_reference": "python39-tk-3.9.23-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.23-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-tk-3.9.23-4.1.ppc64le"
},
"product_reference": "python39-tk-3.9.23-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.23-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-tk-3.9.23-4.1.s390x"
},
"product_reference": "python39-tk-3.9.23-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.23-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-tk-3.9.23-4.1.x86_64"
},
"product_reference": "python39-tk-3.9.23-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-8194"
}
],
"notes": [
{
"category": "general",
"text": "There is a defect in the CPython \"tarfile\" module affecting the \"TarFile\" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \n\nThis vulnerability can be mitigated by including the following patch after importing the \"tarfile\" module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python39-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-3.9.23-4.1.x86_64",
"openSUSE Tumbleweed:python39-curses-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-curses-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-curses-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-curses-3.9.23-4.1.x86_64",
"openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.x86_64",
"openSUSE Tumbleweed:python39-idle-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-idle-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-idle-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-idle-3.9.23-4.1.x86_64",
"openSUSE Tumbleweed:python39-tk-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-tk-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-tk-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-tk-3.9.23-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-8194",
"url": "https://www.suse.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "SUSE Bug 1247249 for CVE-2025-8194",
"url": "https://bugzilla.suse.com/1247249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python39-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-3.9.23-4.1.x86_64",
"openSUSE Tumbleweed:python39-curses-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-curses-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-curses-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-curses-3.9.23-4.1.x86_64",
"openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.x86_64",
"openSUSE Tumbleweed:python39-idle-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-idle-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-idle-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-idle-3.9.23-4.1.x86_64",
"openSUSE Tumbleweed:python39-tk-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-tk-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-tk-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-tk-3.9.23-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python39-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-3.9.23-4.1.x86_64",
"openSUSE Tumbleweed:python39-curses-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-curses-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-curses-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-curses-3.9.23-4.1.x86_64",
"openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-dbm-3.9.23-4.1.x86_64",
"openSUSE Tumbleweed:python39-idle-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-idle-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-idle-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-idle-3.9.23-4.1.x86_64",
"openSUSE Tumbleweed:python39-tk-3.9.23-4.1.aarch64",
"openSUSE Tumbleweed:python39-tk-3.9.23-4.1.ppc64le",
"openSUSE Tumbleweed:python39-tk-3.9.23-4.1.s390x",
"openSUSE Tumbleweed:python39-tk-3.9.23-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-8194"
}
]
}
OPENSUSE-SU-2025:15407-1
Vulnerability from csaf_opensuse - Published: 2025-08-04 00:00 - Updated: 2025-08-04 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python311-3.11.13-4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-3.11.13-4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-3.11.13-4.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-3.11.13-4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-curses-3.11.13-4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-curses-3.11.13-4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-curses-3.11.13-4.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-curses-3.11.13-4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-idle-3.11.13-4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-idle-3.11.13-4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-idle-3.11.13-4.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-idle-3.11.13-4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-tk-3.11.13-4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-tk-3.11.13-4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-tk-3.11.13-4.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-tk-3.11.13-4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.x86_64 | — | Vendor Fix | |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-3.11.13-4.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-3.11.13-4.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15407",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15407-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-8194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-8194/"
}
],
"title": "python311-3.11.13-4.1 on GA media",
"tracking": {
"current_release_date": "2025-08-04T00:00:00Z",
"generator": {
"date": "2025-08-04T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15407-1",
"initial_release_date": "2025-08-04T00:00:00Z",
"revision_history": [
{
"date": "2025-08-04T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-3.11.13-4.1.aarch64",
"product": {
"name": "python311-3.11.13-4.1.aarch64",
"product_id": "python311-3.11.13-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-32bit-3.11.13-4.1.aarch64",
"product": {
"name": "python311-32bit-3.11.13-4.1.aarch64",
"product_id": "python311-32bit-3.11.13-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.13-4.1.aarch64",
"product": {
"name": "python311-curses-3.11.13-4.1.aarch64",
"product_id": "python311-curses-3.11.13-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.13-4.1.aarch64",
"product": {
"name": "python311-dbm-3.11.13-4.1.aarch64",
"product_id": "python311-dbm-3.11.13-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.13-4.1.aarch64",
"product": {
"name": "python311-idle-3.11.13-4.1.aarch64",
"product_id": "python311-idle-3.11.13-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.13-4.1.aarch64",
"product": {
"name": "python311-tk-3.11.13-4.1.aarch64",
"product_id": "python311-tk-3.11.13-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-x86-64-v3-3.11.13-4.1.aarch64",
"product": {
"name": "python311-x86-64-v3-3.11.13-4.1.aarch64",
"product_id": "python311-x86-64-v3-3.11.13-4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-3.11.13-4.1.ppc64le",
"product": {
"name": "python311-3.11.13-4.1.ppc64le",
"product_id": "python311-3.11.13-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-32bit-3.11.13-4.1.ppc64le",
"product": {
"name": "python311-32bit-3.11.13-4.1.ppc64le",
"product_id": "python311-32bit-3.11.13-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.13-4.1.ppc64le",
"product": {
"name": "python311-curses-3.11.13-4.1.ppc64le",
"product_id": "python311-curses-3.11.13-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.13-4.1.ppc64le",
"product": {
"name": "python311-dbm-3.11.13-4.1.ppc64le",
"product_id": "python311-dbm-3.11.13-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.13-4.1.ppc64le",
"product": {
"name": "python311-idle-3.11.13-4.1.ppc64le",
"product_id": "python311-idle-3.11.13-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.13-4.1.ppc64le",
"product": {
"name": "python311-tk-3.11.13-4.1.ppc64le",
"product_id": "python311-tk-3.11.13-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-x86-64-v3-3.11.13-4.1.ppc64le",
"product": {
"name": "python311-x86-64-v3-3.11.13-4.1.ppc64le",
"product_id": "python311-x86-64-v3-3.11.13-4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-3.11.13-4.1.s390x",
"product": {
"name": "python311-3.11.13-4.1.s390x",
"product_id": "python311-3.11.13-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-32bit-3.11.13-4.1.s390x",
"product": {
"name": "python311-32bit-3.11.13-4.1.s390x",
"product_id": "python311-32bit-3.11.13-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.13-4.1.s390x",
"product": {
"name": "python311-curses-3.11.13-4.1.s390x",
"product_id": "python311-curses-3.11.13-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.13-4.1.s390x",
"product": {
"name": "python311-dbm-3.11.13-4.1.s390x",
"product_id": "python311-dbm-3.11.13-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.13-4.1.s390x",
"product": {
"name": "python311-idle-3.11.13-4.1.s390x",
"product_id": "python311-idle-3.11.13-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.13-4.1.s390x",
"product": {
"name": "python311-tk-3.11.13-4.1.s390x",
"product_id": "python311-tk-3.11.13-4.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-x86-64-v3-3.11.13-4.1.s390x",
"product": {
"name": "python311-x86-64-v3-3.11.13-4.1.s390x",
"product_id": "python311-x86-64-v3-3.11.13-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-3.11.13-4.1.x86_64",
"product": {
"name": "python311-3.11.13-4.1.x86_64",
"product_id": "python311-3.11.13-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-32bit-3.11.13-4.1.x86_64",
"product": {
"name": "python311-32bit-3.11.13-4.1.x86_64",
"product_id": "python311-32bit-3.11.13-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.13-4.1.x86_64",
"product": {
"name": "python311-curses-3.11.13-4.1.x86_64",
"product_id": "python311-curses-3.11.13-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.13-4.1.x86_64",
"product": {
"name": "python311-dbm-3.11.13-4.1.x86_64",
"product_id": "python311-dbm-3.11.13-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.13-4.1.x86_64",
"product": {
"name": "python311-idle-3.11.13-4.1.x86_64",
"product_id": "python311-idle-3.11.13-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.13-4.1.x86_64",
"product": {
"name": "python311-tk-3.11.13-4.1.x86_64",
"product_id": "python311-tk-3.11.13-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-x86-64-v3-3.11.13-4.1.x86_64",
"product": {
"name": "python311-x86-64-v3-3.11.13-4.1.x86_64",
"product_id": "python311-x86-64-v3-3.11.13-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.13-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-3.11.13-4.1.aarch64"
},
"product_reference": "python311-3.11.13-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.13-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-3.11.13-4.1.ppc64le"
},
"product_reference": "python311-3.11.13-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.13-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-3.11.13-4.1.s390x"
},
"product_reference": "python311-3.11.13-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.13-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-3.11.13-4.1.x86_64"
},
"product_reference": "python311-3.11.13-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-32bit-3.11.13-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.aarch64"
},
"product_reference": "python311-32bit-3.11.13-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-32bit-3.11.13-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.ppc64le"
},
"product_reference": "python311-32bit-3.11.13-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-32bit-3.11.13-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.s390x"
},
"product_reference": "python311-32bit-3.11.13-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-32bit-3.11.13-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.x86_64"
},
"product_reference": "python311-32bit-3.11.13-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.13-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-curses-3.11.13-4.1.aarch64"
},
"product_reference": "python311-curses-3.11.13-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.13-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-curses-3.11.13-4.1.ppc64le"
},
"product_reference": "python311-curses-3.11.13-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.13-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-curses-3.11.13-4.1.s390x"
},
"product_reference": "python311-curses-3.11.13-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-curses-3.11.13-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-curses-3.11.13-4.1.x86_64"
},
"product_reference": "python311-curses-3.11.13-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-dbm-3.11.13-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.aarch64"
},
"product_reference": "python311-dbm-3.11.13-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-dbm-3.11.13-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.ppc64le"
},
"product_reference": "python311-dbm-3.11.13-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-dbm-3.11.13-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.s390x"
},
"product_reference": "python311-dbm-3.11.13-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-dbm-3.11.13-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.x86_64"
},
"product_reference": "python311-dbm-3.11.13-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idle-3.11.13-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-idle-3.11.13-4.1.aarch64"
},
"product_reference": "python311-idle-3.11.13-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idle-3.11.13-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-idle-3.11.13-4.1.ppc64le"
},
"product_reference": "python311-idle-3.11.13-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idle-3.11.13-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-idle-3.11.13-4.1.s390x"
},
"product_reference": "python311-idle-3.11.13-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idle-3.11.13-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-idle-3.11.13-4.1.x86_64"
},
"product_reference": "python311-idle-3.11.13-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-tk-3.11.13-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-tk-3.11.13-4.1.aarch64"
},
"product_reference": "python311-tk-3.11.13-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-tk-3.11.13-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-tk-3.11.13-4.1.ppc64le"
},
"product_reference": "python311-tk-3.11.13-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-tk-3.11.13-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-tk-3.11.13-4.1.s390x"
},
"product_reference": "python311-tk-3.11.13-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-tk-3.11.13-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-tk-3.11.13-4.1.x86_64"
},
"product_reference": "python311-tk-3.11.13-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-x86-64-v3-3.11.13-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.aarch64"
},
"product_reference": "python311-x86-64-v3-3.11.13-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-x86-64-v3-3.11.13-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.ppc64le"
},
"product_reference": "python311-x86-64-v3-3.11.13-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-x86-64-v3-3.11.13-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.s390x"
},
"product_reference": "python311-x86-64-v3-3.11.13-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-x86-64-v3-3.11.13-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.x86_64"
},
"product_reference": "python311-x86-64-v3-3.11.13-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-8194"
}
],
"notes": [
{
"category": "general",
"text": "There is a defect in the CPython \"tarfile\" module affecting the \"TarFile\" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \n\nThis vulnerability can be mitigated by including the following patch after importing the \"tarfile\" module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-curses-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-curses-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-curses-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-curses-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-idle-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-idle-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-idle-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-idle-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-tk-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-tk-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-tk-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-tk-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-8194",
"url": "https://www.suse.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "SUSE Bug 1247249 for CVE-2025-8194",
"url": "https://bugzilla.suse.com/1247249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-curses-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-curses-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-curses-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-curses-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-idle-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-idle-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-idle-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-idle-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-tk-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-tk-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-tk-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-tk-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-32bit-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-curses-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-curses-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-curses-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-curses-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-dbm-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-idle-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-idle-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-idle-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-idle-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-tk-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-tk-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-tk-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-tk-3.11.13-4.1.x86_64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.aarch64",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.ppc64le",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.s390x",
"openSUSE Tumbleweed:python311-x86-64-v3-3.11.13-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-8194"
}
]
}