Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-9086 (GCVE-0-2025-9086)
Vulnerability from cvelistv5 – Published: 2025-09-12 05:10 – Updated: 2026-01-08 09:51
VLAI
EPSS
Title
Out of bounds read for cookie path
Summary
1. A cookie is set using the `secure` keyword for `https://target`
2. curl is redirected to or otherwise made to speak with `http://target` (same
hostname, but using clear text HTTP) using the same cookie set
3. The same cookie name is set - but with just a slash as path (`path=\"/\",`).
Since this site is not secure, the cookie *should* just be ignored.
4. A bug in the path comparison logic makes curl read outside a heap buffer
boundary
The bug either causes a crash or it potentially makes the comparison come to
the wrong conclusion and lets the clear-text site override the contents of the
secure cookie, contrary to expectations and depending on the memory contents
immediately following the single-byte allocation that holds the path.
The presumed and correct behavior would be to plainly ignore the second set of
the cookie since it was already set as secure on a secure host so overriding
it on an insecure host should not be okay.
Severity
7.5 (High)
Assigner
References
Impacted products
Credits
Google Big Sleep
Daniel Stenberg
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T17:15:47.921625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T17:16:20.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-05T02:47:38.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/10/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "curl",
"vendor": "curl",
"versions": [
{
"lessThanOrEqual": "8.15.0",
"status": "affected",
"version": "8.15.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.14.1",
"status": "affected",
"version": "8.14.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.14.0",
"status": "affected",
"version": "8.14.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.13.0",
"status": "affected",
"version": "8.13.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Daniel Stenberg"
}
],
"descriptions": [
{
"lang": "en",
"value": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125 Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T09:51:46.552Z",
"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"shortName": "curl"
},
"references": [
{
"name": "json",
"url": "https://curl.se/docs/CVE-2025-9086.json"
},
{
"name": "www",
"url": "https://curl.se/docs/CVE-2025-9086.html"
},
{
"name": "issue",
"url": "https://hackerone.com/reports/3294999"
}
],
"title": "Out of bounds read for cookie path"
}
},
"cveMetadata": {
"assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"assignerShortName": "curl",
"cveId": "CVE-2025-9086",
"datePublished": "2025-09-12T05:10:03.815Z",
"dateReserved": "2025-08-16T05:40:23.800Z",
"dateUpdated": "2026-01-08T09:51:46.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-9086",
"date": "2026-05-30",
"epss": "0.00102",
"percentile": "0.27657"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-9086\",\"sourceIdentifier\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"published\":\"2025-09-12T06:15:44.100\",\"lastModified\":\"2026-01-20T14:58:01.347\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"1. A cookie is set using the `secure` keyword for `https://target` \\n 2. curl is redirected to or otherwise made to speak with `http://target` (same \\n hostname, but using clear text HTTP) using the same cookie set \\n 3. The same cookie name is set - but with just a slash as path (`path=\\\\\\\"/\\\\\\\",`).\\n Since this site is not secure, the cookie *should* just be ignored.\\n4. A bug in the path comparison logic makes curl read outside a heap buffer\\n boundary\\n\\nThe bug either causes a crash or it potentially makes the comparison come to\\nthe wrong conclusion and lets the clear-text site override the contents of the\\nsecure cookie, contrary to expectations and depending on the memory contents\\nimmediately following the single-byte allocation that holds the path.\\n\\nThe presumed and correct behavior would be to plainly ignore the second set of\\nthe cookie since it was already set as secure on a secure host so overriding\\nit on an insecure host should not be okay.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.13.0\",\"versionEndExcluding\":\"8.16.0\",\"matchCriteriaId\":\"4979D5F1-8D49-4EC0-AC6B-230636A10C34\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://curl.se/docs/CVE-2025-9086.html\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Vendor Advisory\",\"Patch\"]},{\"url\":\"https://curl.se/docs/CVE-2025-9086.json\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/3294999\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/09/10/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\",\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/09/10/1\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-01-05T02:47:38.406Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9086\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-12T17:15:47.921625Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-12T17:16:09.204Z\"}}], \"cna\": {\"title\": \"Out of bounds read for cookie path\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Google Big Sleep\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Daniel Stenberg\"}], \"affected\": [{\"vendor\": \"curl\", \"product\": \"curl\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.15.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.15.0\"}, {\"status\": \"affected\", \"version\": \"8.14.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.14.1\"}, {\"status\": \"affected\", \"version\": \"8.14.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.14.0\"}, {\"status\": \"affected\", \"version\": \"8.13.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.13.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://curl.se/docs/CVE-2025-9086.json\", \"name\": \"json\"}, {\"url\": \"https://curl.se/docs/CVE-2025-9086.html\", \"name\": \"www\"}, {\"url\": \"https://hackerone.com/reports/3294999\", \"name\": \"issue\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"1. A cookie is set using the `secure` keyword for `https://target` \\n 2. curl is redirected to or otherwise made to speak with `http://target` (same \\n hostname, but using clear text HTTP) using the same cookie set \\n 3. The same cookie name is set - but with just a slash as path (`path=\\\\\\\"/\\\\\\\",`).\\n Since this site is not secure, the cookie *should* just be ignored.\\n4. A bug in the path comparison logic makes curl read outside a heap buffer\\n boundary\\n\\nThe bug either causes a crash or it potentially makes the comparison come to\\nthe wrong conclusion and lets the clear-text site override the contents of the\\nsecure cookie, contrary to expectations and depending on the memory contents\\nimmediately following the single-byte allocation that holds the path.\\n\\nThe presumed and correct behavior would be to plainly ignore the second set of\\nthe cookie since it was already set as secure on a secure host so overriding\\nit on an insecure host should not be okay.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"2499f714-1537-4658-8207-48ae4bb9eae9\", \"shortName\": \"curl\", \"dateUpdated\": \"2026-01-08T09:51:46.552Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-9086\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-08T09:51:46.552Z\", \"dateReserved\": \"2025-08-16T05:40:23.800Z\", \"assignerOrgId\": \"2499f714-1537-4658-8207-48ae4bb9eae9\", \"datePublished\": \"2025-09-12T05:10:03.815Z\", \"assignerShortName\": \"curl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
MSRC_CVE-2025-9086
Vulnerability from csaf_microsoft - Published: 2025-09-02 00:00 - Updated: 2026-02-18 02:38Summary
Out of bounds read for cookie path
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
7.5 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-20 | — |
None Available
|
|
| Unresolved product id: 17086-15 | — |
None Available
|
|
| Unresolved product id: 17086-16 | — |
None Available
|
|
| Unresolved product id: 17086-11 | — |
None Available
|
|
| Unresolved product id: 17084-14 | — |
None Available
|
|
| Unresolved product id: 17086-17 | — |
None Available
|
|
| Unresolved product id: 17086-9 | — |
None Available
|
|
| Unresolved product id: 17084-7 | — |
None Available
|
|
| Unresolved product id: 17086-5 | — |
None Available
|
|
| Unresolved product id: 17086-8 | — |
None Available
|
|
| Unresolved product id: 17084-6 | — |
None Available
|
Known not affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-18 | — | ||
| Unresolved product id: 17084-10 | — | ||
| Unresolved product id: 17084-12 | — | ||
| Unresolved product id: 17084-13 | — | ||
| Unresolved product id: 17084-21 | — | ||
| Unresolved product id: 17084-4 | — | ||
| Unresolved product id: 17086-3 | — | ||
| Unresolved product id: 17086-2 | — | ||
| Unresolved product id: 17086-19 | — | ||
| Unresolved product id: 17086-22 | — | ||
| Unresolved product id: 17084-1 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 Out of bounds read for cookie path - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-9086.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Out of bounds read for cookie path",
"tracking": {
"current_release_date": "2026-02-18T02:38:38.000Z",
"generator": {
"date": "2026-02-18T08:13:03.976Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-9086",
"initial_release_date": "2025-09-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-13T01:05:35.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-12-06T14:37:40.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-02-18T01:49:09.000Z",
"legacy_version": "2.1",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-02-18T02:38:38.000Z",
"legacy_version": "3",
"number": "4",
"summary": "Information published."
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 curl 8.11.1-3",
"product": {
"name": "azl3 curl 8.11.1-3",
"product_id": "20"
}
},
{
"category": "product_version_range",
"name": "cbl2 curl 8.8.0-6",
"product": {
"name": "cbl2 curl 8.8.0-6",
"product_id": "16"
}
},
{
"category": "product_version_range",
"name": "azl3 curl 8.11.1-4",
"product": {
"name": "azl3 curl 8.11.1-4",
"product_id": "7"
}
},
{
"category": "product_version_range",
"name": "cbl2 curl 8.8.0-7",
"product": {
"name": "cbl2 curl 8.8.0-7",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "curl"
},
{
"branches": [
{
"category": "product_version_range",
"name": "cbl2 cmake 3.21.4-18",
"product": {
"name": "cbl2 cmake 3.21.4-18",
"product_id": "15"
}
},
{
"category": "product_version_range",
"name": "azl3 cmake 3.30.3-9",
"product": {
"name": "azl3 cmake 3.30.3-9",
"product_id": "14"
}
},
{
"category": "product_version_range",
"name": "cbl2 cmake 3.21.4-19",
"product": {
"name": "cbl2 cmake 3.21.4-19",
"product_id": "9"
}
},
{
"category": "product_version_range",
"name": "cbl2 cmake 3.21.4-20",
"product": {
"name": "cbl2 cmake 3.21.4-20",
"product_id": "5"
}
},
{
"category": "product_version_range",
"name": "azl3 cmake 3.30.3-10",
"product": {
"name": "azl3 cmake 3.30.3-10",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "cmake"
},
{
"branches": [
{
"category": "product_version_range",
"name": "cbl2 mysql 8.0.43-1",
"product": {
"name": "cbl2 mysql 8.0.43-1",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "mysql"
},
{
"branches": [
{
"category": "product_version_range",
"name": "cbl2 rust 1.72.0-10",
"product": {
"name": "cbl2 rust 1.72.0-10",
"product_id": "17"
}
}
],
"category": "product_name",
"name": "rust"
},
{
"category": "product_name",
"name": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "cbl2 tensorflow 2.11.1-2",
"product_id": "18"
}
},
{
"category": "product_name",
"name": "azl3 mysql 8.0.43-1",
"product": {
"name": "azl3 mysql 8.0.43-1",
"product_id": "10"
}
},
{
"category": "product_name",
"name": "azl3 rust 1.75.0-18",
"product": {
"name": "azl3 rust 1.75.0-18",
"product_id": "12"
}
},
{
"category": "product_name",
"name": "azl3 rust 1.86.0-6",
"product": {
"name": "azl3 rust 1.86.0-6",
"product_id": "13"
}
},
{
"category": "product_name",
"name": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "azl3 tensorflow 2.16.1-9",
"product_id": "21"
}
},
{
"category": "product_name",
"name": "azl3 curl 8.11.1-5",
"product": {
"name": "azl3 curl 8.11.1-5",
"product_id": "4"
}
},
{
"category": "product_name",
"name": "cbl2 cmake 3.21.4-21",
"product": {
"name": "cbl2 cmake 3.21.4-21",
"product_id": "3"
}
},
{
"category": "product_name",
"name": "cbl2 curl 8.8.0-8",
"product": {
"name": "cbl2 curl 8.8.0-8",
"product_id": "2"
}
},
{
"category": "product_name",
"name": "cbl2 mysql 8.0.43-1",
"product": {
"name": "cbl2 mysql 8.0.43-1",
"product_id": "19"
}
},
{
"category": "product_name",
"name": "cbl2 rust 1.72.0-10",
"product": {
"name": "cbl2 rust 1.72.0-10",
"product_id": "22"
}
},
{
"category": "product_name",
"name": "azl3 cmake 3.30.3-11",
"product": {
"name": "azl3 cmake 3.30.3-11",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 curl 8.11.1-3 as a component of Azure Linux 3.0",
"product_id": "17084-20"
},
"product_reference": "20",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cmake 3.21.4-18 as a component of CBL Mariner 2.0",
"product_id": "17086-15"
},
"product_reference": "15",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 curl 8.8.0-6 as a component of CBL Mariner 2.0",
"product_id": "17086-16"
},
"product_reference": "16",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 mysql 8.0.43-1 as a component of CBL Mariner 2.0",
"product_id": "17086-11"
},
"product_reference": "11",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cmake 3.30.3-9 as a component of Azure Linux 3.0",
"product_id": "17084-14"
},
"product_reference": "14",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 rust 1.72.0-10 as a component of CBL Mariner 2.0",
"product_id": "17086-17"
},
"product_reference": "17",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 tensorflow 2.11.1-2 as a component of CBL Mariner 2.0",
"product_id": "17086-18"
},
"product_reference": "18",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 mysql 8.0.43-1 as a component of Azure Linux 3.0",
"product_id": "17084-10"
},
"product_reference": "10",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 1.75.0-18 as a component of Azure Linux 3.0",
"product_id": "17084-12"
},
"product_reference": "12",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 1.86.0-6 as a component of Azure Linux 3.0",
"product_id": "17084-13"
},
"product_reference": "13",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
"product_id": "17084-21"
},
"product_reference": "21",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cmake 3.21.4-19 as a component of CBL Mariner 2.0",
"product_id": "17086-9"
},
"product_reference": "9",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 curl 8.11.1-4 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cmake 3.21.4-20 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 curl 8.11.1-5 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cmake 3.21.4-21 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 curl 8.8.0-8 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 mysql 8.0.43-1 as a component of CBL Mariner 2.0",
"product_id": "17086-19"
},
"product_reference": "19",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 rust 1.72.0-10 as a component of CBL Mariner 2.0",
"product_id": "17086-22"
},
"product_reference": "22",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 curl 8.8.0-7 as a component of CBL Mariner 2.0",
"product_id": "17086-8"
},
"product_reference": "8",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cmake 3.30.3-10 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cmake 3.30.3-11 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9086",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17086-18",
"17084-21",
"17084-4",
"17086-3",
"17086-2",
"17084-1"
]
},
{
"label": "vulnerable_code_not_in_execute_path",
"product_ids": [
"17084-12",
"17084-13",
"17086-22"
]
},
{
"label": "vulnerable_code_not_present",
"product_ids": [
"17084-10",
"17086-19"
]
}
],
"notes": [
{
"category": "general",
"text": "curl",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17084-20",
"17086-15",
"17086-16",
"17086-11",
"17084-14",
"17086-17",
"17086-9",
"17084-7",
"17086-5",
"17086-8",
"17084-6"
],
"known_not_affected": [
"17086-18",
"17084-10",
"17084-12",
"17084-13",
"17084-21",
"17084-4",
"17086-3",
"17086-2",
"17086-19",
"17086-22",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 Out of bounds read for cookie path - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-9086.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-20"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-15"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-16"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-11"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-14"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-17"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-9"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-7"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-5"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-8"
]
},
{
"category": "none_available",
"date": "2025-09-13T01:05:35.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17084-20",
"17086-15",
"17086-16",
"17086-11",
"17084-14",
"17086-17",
"17086-9",
"17084-7",
"17086-5",
"17086-8",
"17084-6"
]
}
],
"title": "Out of bounds read for cookie path"
}
]
}
NCSC-2025-0330
Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:20 - Updated: 2025-10-23 13:20Summary
Kwetsbaarheden verholpen in Oracle Communications producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.
Interpretaties: De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden variëren van 3.1 tot 9.8, wat wijst op een breed scala aan risico's, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23: Relative Path Traversal
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-121: Stack-based Buffer Overflow
CWE-122: Heap-based Buffer Overflow
CWE-124: Buffer Underwrite ('Buffer Underflow')
CWE-125: Out-of-bounds Read
CWE-129: Improper Validation of Array Index
CWE-130: Improper Handling of Length Parameter Inconsistency
CWE-147: Improper Neutralization of Input Terminators
CWE-190: Integer Overflow or Wraparound
CWE-197: Numeric Truncation Error
CWE-241: Improper Handling of Unexpected Data Type
CWE-252: Unchecked Return Value
CWE-253: Incorrect Check of Function Return Value
CWE-284: Improper Access Control
CWE-287: Improper Authentication
CWE-290: Authentication Bypass by Spoofing
CWE-328: Use of Weak Hash
CWE-385: Covert Timing Channel
CWE-390: Detection of Error Condition Without Action
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-407: Inefficient Algorithmic Complexity
CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)
CWE-415: Double Free
CWE-416: Use After Free
CWE-426: Untrusted Search Path
CWE-440: Expected Behavior Violation
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-476: NULL Pointer Dereference
CWE-674: Uncontrolled Recursion
CWE-697: Incorrect Comparison
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-789: Memory Allocation with Excessive Size Value
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CWE-918: Server-Side Request Forgery (SSRF)
CWE-937: CWE-937
CWE-1035: CWE-1035
CWE-1284: Improper Validation of Specified Quantity in Input
CWE-1333: Inefficient Regular Expression Complexity
Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.
6.4 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.
8.2 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.
4.4 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.
5.3 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.
9.1 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.
9.1 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.
5.9 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.
6.5 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.
9.4 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.
8.4 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
The 'MadeYouReset' vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.
5.4 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl's WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.
CWE-1333 - Inefficient Regular Expression ComplexityAffected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.
9.8 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.
CWE-241 - Improper Handling of Unexpected Data TypeAffected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.
7.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.
7.0 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.
7.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications' Cloud Native Environment has a non-exploitable Security-in-Depth issue.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.
5.3 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.
8.1 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.
7.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.
4.3 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS's certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle's flaw.
8.2 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.
8.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.
6.5 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates for Apache Tomcat versions 9, 10, and 11 address the 'MadeYouReset' DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.
9.1 (Critical)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.
8.6 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.
5.8 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.
6.5 (Medium)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Recent updates to Netty address critical vulnerabilities, including the 'MadeYouReset' DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.
8.8 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server's Perl component but is not exploitable.
7.5 (High)
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications Cloud Native Core Console
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Management Cloud Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Calendar Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Automated Test Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Binding Support Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Certificate Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core DBTier
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Repository Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Policy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Service Communication Proxy
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Cloud Native Core Unified Data Repository
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Converged Charging System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Convergent Charging Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Diameter Signaling Router
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE Element Management System
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications EAGLE LNP Application Processor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications LSMS
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Messaging Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Charging and Control
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Offline Mediation Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Service Catalog and Design
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Operations Monitor
|
vers:unknown/* |
References
51 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden vari\u00ebren van 3.1 tot 9.8, wat wijst op een breed scala aan risico\u0027s, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "general",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications producten",
"tracking": {
"current_release_date": "2025-10-23T13:20:15.363063Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0330",
"initial_release_date": "2025-10-23T13:20:15.363063Z",
"revision_history": [
{
"date": "2025-10-23T13:20:15.363063Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Communications Cloud Native Core Console"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Management Cloud Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Communications Billing and Revenue Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Communications Calendar Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Automated Test Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Binding Support Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Certificate Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core DBTier"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Repository Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Slice Selection Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Policy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Service Communication Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Unified Data Repository"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle Communications Converged Charging System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergent Charging Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Oracle Communications Diameter Signaling Router"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE Element Management System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE LNP Application Processor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "Oracle Communications LSMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "Oracle Communications Messaging Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Analytics Data Director"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Charging and Control"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Integrity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "Oracle Communications Offline Mediation Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "Oracle Communications Operations Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "Oracle Communications Order and Service Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "Oracle Communications Pricing Design Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "Oracle Communications Service Catalog and Design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-33"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Assurance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-34"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Inventory Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-35"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Communications Broker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-36"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Operations Monitor"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26555",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26555 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-26555.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2023-26555"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7254 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-8006",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8006 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-8006"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-35164",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35164 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-35164.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-35164"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37371 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-37371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-50609",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-50609.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-50609"
},
{
"cve": "CVE-2024-51504",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "description",
"text": "Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-51504 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-51504"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-1948 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-1948.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-1948"
},
{
"cve": "CVE-2025-3576",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "other",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "description",
"text": "Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-3576 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3576.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-3576"
},
{
"cve": "CVE-2025-4373",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4373 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4373.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4802",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "description",
"text": "Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4802 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4802.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4802"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5399",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl\u0027s WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5399 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5399.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5399"
},
{
"cve": "CVE-2025-5889",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5889 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5889.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5889"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-7339",
"cwe": {
"id": "CWE-241",
"name": "Improper Handling of Unexpected Data Type"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7339 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7339.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7339"
},
{
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7425 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7425"
},
{
"cve": "CVE-2025-7962",
"cwe": {
"id": "CWE-147",
"name": "Improper Neutralization of Input Terminators"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7962"
},
{
"cve": "CVE-2025-8058",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8058 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8058.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8058"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25724 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25724.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-25724"
},
{
"cve": "CVE-2025-27210",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications\u0027 Cloud Native Environment has a non-exploitable Security-in-Depth issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27210 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27210"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-27553",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27553 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27553.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27553"
},
{
"cve": "CVE-2025-27587",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "description",
"text": "OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27587 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27587.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27587"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32415 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32415.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-32728",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32728 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32728.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32728"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS\u0027s certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle\u0027s flaw.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32990"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52999 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2025-53547",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53547 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53547.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53547"
},
{
"cve": "CVE-2025-53643",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53643 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53643.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53643"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54090",
"cwe": {
"id": "CWE-253",
"name": "Incorrect Check of Function Return Value"
},
"notes": [
{
"category": "other",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54090 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54090.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-54090"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-57803",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-57803 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57803.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-57803"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server\u0027s Perl component but is not exploitable.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-59375"
}
]
}
NCSC-2025-0396
Vulnerability from csaf_ncscnl - Published: 2025-12-15 09:06 - Updated: 2025-12-15 09:06Summary
Kwetsbaarheden verholpen in Apple macOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Apple heeft kwetsbaarheden verholpen in macOS Sonoma (14.8.3), macOS Sequoia (15.7.3) en macOS Tahoe (26.2).
Interpretaties: De kwetsbaarheden omvatten een breed scala aan problemen, waaronder geheugenbeschadiging, logboekproblemen, en ongeoorloofde toegang tot gevoelige gebruikersgegevens. Deze kwetsbaarheden konden worden misbruikt door kwaadwillenden om ongeautoriseerde toegang te verkrijgen of om de stabiliteit van het systeem in gevaar te brengen.
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren of bestand te openen.
Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-125: Out-of-bounds Read
CWE-190: Integer Overflow or Wraparound
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-275: CWE-275
CWE-280: Improper Handling of Insufficient Permissions or Privileges
CWE-284: Improper Access Control
CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CWE-371: CWE-371
CWE-404: Improper Resource Shutdown or Release
CWE-416: Use After Free
CWE-451: User Interface (UI) Misrepresentation of Critical Information
CWE-456: Missing Initialization of a Variable
CWE-488: Exposure of Data Element to Wrong Session
CWE-524: Use of Cache Containing Sensitive Information
CWE-532: Insertion of Sensitive Information into Log File
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-862: Missing Authorization
CWE-1018: CWE-1018
Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.
6.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Chrome 129 and Microsoft Edge have multiple vulnerabilities, including remote code execution and denial of service risks, with specific issues like CVE-2024-8906 affecting Chrome's Downloads UI.
4.3 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.
6.6 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.
8.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.3 has resolved an issue where an app could bypass launch constraint protections and execute malicious code with elevated privileges by implementing additional logic.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.2 and macOS Sonoma 14.8.2 have resolved a cache handling issue that allowed physical access attackers to view deleted notes through improved cache management.
CWE-524 - Use of Cache Containing Sensitive InformationAffected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue related to access to protected user data through enhanced restrictions.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A configuration issue was resolved by implementing additional restrictions to enhance system security.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates in macOS versions 14.8.3, 26.1, and 15.7.3 have resolved a parsing issue in directory path handling through enhanced path validation, potentially allowing apps to access sensitive user data.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved a denial-of-service vulnerability through enhanced input validation measures.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A buffer overflow vulnerability has been addressed through improved memory management techniques.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced data protection measures.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.
6.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a permissions issue by removing vulnerable code that allowed unauthorized access to sensitive location information.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The issue was addressed through improved cache management techniques.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a session management vulnerability that allowed users with Voice Control enabled to transcribe another user's activity through enhanced checks.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a privacy issue related to log entries by enhancing private data redaction, preventing unauthorized access to protected user data.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a permissions issue that previously allowed apps to access sensitive user data by implementing additional restrictions.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing additional code-signing restrictions to enhance user data protection.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing enhanced code-signing restrictions to protect user-sensitive data from unauthorized access.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.3 has resolved a permissions issue that previously allowed unauthorized access to sensitive user data by implementing additional restrictions.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The issue was addressed through the implementation of enhanced URL validation measures.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.3 has addressed a permissions issue that could allow apps to gain root privileges through additional restrictions.
7.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A race condition issue was effectively resolved through enhancements in state management, improving system reliability.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The issue was addressed through improvements in memory management techniques.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A type confusion vulnerability was effectively addressed through improved state management techniques.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The issue was addressed through improved cache management techniques.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic issue was resolved through the implementation of enhanced checks, improving the overall security posture.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The issue was addressed by implementing additional permissions checks to enhance security measures.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved a logic issue in file handling that could have allowed unauthorized access to protected user data.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
References
52 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft kwetsbaarheden verholpen in macOS Sonoma (14.8.3), macOS Sequoia (15.7.3) en macOS Tahoe (26.2).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten een breed scala aan problemen, waaronder geheugenbeschadiging, logboekproblemen, en ongeoorloofde toegang tot gevoelige gebruikersgegevens. Deze kwetsbaarheden konden worden misbruikt door kwaadwillenden om ongeautoriseerde toegang te verkrijgen of om de stabiliteit van het systeem in gevaar te brengen.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren of bestand te openen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "CWE-275",
"title": "CWE-275"
},
{
"category": "general",
"text": "Improper Handling of Insufficient Permissions or Privileges ",
"title": "CWE-280"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "general",
"text": "CWE-371",
"title": "CWE-371"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "general",
"text": "Missing Initialization of a Variable",
"title": "CWE-456"
},
{
"category": "general",
"text": "Exposure of Data Element to Wrong Session",
"title": "CWE-488"
},
{
"category": "general",
"text": "Use of Cache Containing Sensitive Information",
"title": "CWE-524"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CWE-1018",
"title": "CWE-1018"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125886"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125887"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125888"
}
],
"title": "Kwetsbaarheden verholpen in Apple macOS",
"tracking": {
"current_release_date": "2025-12-15T09:06:36.450655Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0396",
"initial_release_date": "2025-12-15T09:06:36.450655Z",
"revision_history": [
{
"date": "2025-12-15T09:06:36.450655Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "macOS Sequoia"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "macOS Sonoma"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "macOS Tahoe"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7264",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7264 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7264.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-7264"
},
{
"cve": "CVE-2024-8906",
"notes": [
{
"category": "description",
"text": "Chrome 129 and Microsoft Edge have multiple vulnerabilities, including remote code execution and denial of service risks, with specific issues like CVE-2024-8906 affecting Chrome\u0027s Downloads UI.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8906 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8906.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-8906"
},
{
"cve": "CVE-2025-5918",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5918 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5918.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-5918"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-14174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14174 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43320",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 has resolved an issue where an app could bypass launch constraint protections and execute malicious code with elevated privileges by implementing additional logic.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43320 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43320.json"
}
],
"title": "CVE-2025-43320"
},
{
"cve": "CVE-2025-43410",
"cwe": {
"id": "CWE-524",
"name": "Use of Cache Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Use of Cache Containing Sensitive Information",
"title": "CWE-524"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.2 and macOS Sonoma 14.8.2 have resolved a cache handling issue that allowed physical access attackers to view deleted notes through improved cache management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43410 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43410.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43410"
},
{
"cve": "CVE-2025-43416",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue related to access to protected user data through enhanced restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43416 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43416.json"
}
],
"title": "CVE-2025-43416"
},
{
"cve": "CVE-2025-43428",
"notes": [
{
"category": "description",
"text": "A configuration issue was resolved by implementing additional restrictions to enhance system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43428 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43428.json"
}
],
"title": "CVE-2025-43428"
},
{
"cve": "CVE-2025-43463",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS versions 14.8.3, 26.1, and 15.7.3 have resolved a parsing issue in directory path handling through enhanced path validation, potentially allowing apps to access sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43463 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43463.json"
}
],
"title": "CVE-2025-43463"
},
{
"cve": "CVE-2025-43482",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved a denial-of-service vulnerability through enhanced input validation measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43482 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43482.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43482"
},
{
"cve": "CVE-2025-43501",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability has been addressed through improved memory management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43501 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43501.json"
}
],
"title": "CVE-2025-43501"
},
{
"cve": "CVE-2025-43509",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced data protection measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43509 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43509.json"
}
],
"title": "CVE-2025-43509"
},
{
"cve": "CVE-2025-43511",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43511 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43511.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43511"
},
{
"cve": "CVE-2025-43512",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43512 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43512.json"
}
],
"title": "CVE-2025-43512"
},
{
"cve": "CVE-2025-43513",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a permissions issue by removing vulnerable code that allowed unauthorized access to sensitive location information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43513 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43513.json"
}
],
"title": "CVE-2025-43513"
},
{
"cve": "CVE-2025-43514",
"notes": [
{
"category": "description",
"text": "The issue was addressed through improved cache management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43514 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43514.json"
}
],
"title": "CVE-2025-43514"
},
{
"cve": "CVE-2025-43516",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a session management vulnerability that allowed users with Voice Control enabled to transcribe another user\u0027s activity through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43516.json"
}
],
"title": "CVE-2025-43516"
},
{
"cve": "CVE-2025-43517",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a privacy issue related to log entries by enhancing private data redaction, preventing unauthorized access to protected user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43517.json"
}
],
"title": "CVE-2025-43517"
},
{
"cve": "CVE-2025-43518",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43518 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43518.json"
}
],
"title": "CVE-2025-43518"
},
{
"cve": "CVE-2025-43519",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a permissions issue that previously allowed apps to access sensitive user data by implementing additional restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43519 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43519.json"
}
],
"title": "CVE-2025-43519"
},
{
"cve": "CVE-2025-43521",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing additional code-signing restrictions to enhance user data protection.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43521 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43521.json"
}
],
"title": "CVE-2025-43521"
},
{
"cve": "CVE-2025-43522",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing enhanced code-signing restrictions to protect user-sensitive data from unauthorized access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43522 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43522.json"
}
],
"title": "CVE-2025-43522"
},
{
"cve": "CVE-2025-43523",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 has resolved a permissions issue that previously allowed unauthorized access to sensitive user data by implementing additional restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43523 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43523.json"
}
],
"title": "CVE-2025-43523"
},
{
"cve": "CVE-2025-43526",
"notes": [
{
"category": "description",
"text": "The issue was addressed through the implementation of enhanced URL validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43526 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43526.json"
}
],
"title": "CVE-2025-43526"
},
{
"cve": "CVE-2025-43527",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Insufficient Permissions or Privileges ",
"title": "CWE-280"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.3 has addressed a permissions issue that could allow apps to gain root privileges through additional restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43527 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43527.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43527"
},
{
"cve": "CVE-2025-43529",
"notes": [
{
"category": "description",
"text": "Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43529 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
}
],
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43530",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43530 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43530.json"
}
],
"title": "CVE-2025-43530"
},
{
"cve": "CVE-2025-43531",
"notes": [
{
"category": "description",
"text": "A race condition issue was effectively resolved through enhancements in state management, improving system reliability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43531 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43531.json"
}
],
"title": "CVE-2025-43531"
},
{
"cve": "CVE-2025-43532",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43532 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43532.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43532"
},
{
"cve": "CVE-2025-43533",
"notes": [
{
"category": "description",
"text": "Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
}
],
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-43535",
"notes": [
{
"category": "description",
"text": "The issue was addressed through improvements in memory management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43535 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43535.json"
}
],
"title": "CVE-2025-43535"
},
{
"cve": "CVE-2025-43536",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43536 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43536.json"
}
],
"title": "CVE-2025-43536"
},
{
"cve": "CVE-2025-43538",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43538 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43538.json"
}
],
"title": "CVE-2025-43538"
},
{
"cve": "CVE-2025-43539",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43539 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43539.json"
}
],
"title": "CVE-2025-43539"
},
{
"cve": "CVE-2025-43541",
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was effectively addressed through improved state management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43541 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43541.json"
}
],
"title": "CVE-2025-43541"
},
{
"cve": "CVE-2025-43542",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43542 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43542.json"
}
],
"title": "CVE-2025-43542"
},
{
"cve": "CVE-2025-46276",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46276 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46276.json"
}
],
"title": "CVE-2025-46276"
},
{
"cve": "CVE-2025-46277",
"notes": [
{
"category": "description",
"text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46277 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46277.json"
}
],
"title": "CVE-2025-46277"
},
{
"cve": "CVE-2025-46278",
"notes": [
{
"category": "description",
"text": "The issue was addressed through improved cache management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46278 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46278.json"
}
],
"title": "CVE-2025-46278"
},
{
"cve": "CVE-2025-46279",
"notes": [
{
"category": "description",
"text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46279 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46279.json"
}
],
"title": "CVE-2025-46279"
},
{
"cve": "CVE-2025-46281",
"notes": [
{
"category": "description",
"text": "A logic issue was resolved through the implementation of enhanced checks, improving the overall security posture.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46281 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46281.json"
}
],
"title": "CVE-2025-46281"
},
{
"cve": "CVE-2025-46282",
"notes": [
{
"category": "description",
"text": "The issue was addressed by implementing additional permissions checks to enhance security measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46282 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46282.json"
}
],
"title": "CVE-2025-46282"
},
{
"cve": "CVE-2025-46283",
"notes": [
{
"category": "description",
"text": "A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46283 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46283.json"
}
],
"title": "CVE-2025-46283"
},
{
"cve": "CVE-2025-46285",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46285 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46285.json"
}
],
"title": "CVE-2025-46285"
},
{
"cve": "CVE-2025-46287",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46287 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46287.json"
}
],
"title": "CVE-2025-46287"
},
{
"cve": "CVE-2025-46288",
"notes": [
{
"category": "description",
"text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46288 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46288.json"
}
],
"title": "CVE-2025-46288"
},
{
"cve": "CVE-2025-46289",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved a logic issue in file handling that could have allowed unauthorized access to protected user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46289 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46289.json"
}
],
"title": "CVE-2025-46289"
},
{
"cve": "CVE-2025-46291",
"notes": [
{
"category": "description",
"text": "A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46291 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46291.json"
}
],
"title": "CVE-2025-46291"
}
]
}
NCSC-2025-0397
Vulnerability from csaf_ncscnl - Published: 2025-12-15 09:08 - Updated: 2025-12-15 09:08Summary
Kwetsbaarheden verholpen in Apple iOS en iPadOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Apple heeft kwetsbaarheden verholpen in iOS en iPadOS (versies 18.7.3 en 26.2)
Interpretaties: De kwetsbaarheden omvatten onder andere een use-after-free probleem, een geheugenbeschadiging, en een logboekprobleem dat ongeautoriseerde toegang tot gevoelige gebruikersdata mogelijk maakte. Deze kwetsbaarheden konden worden uitgebuit door kwaadwillenden via speciaal vervaardigde gegevens of door misbruik van de loggingmechanismen. De fixes omvatten verbeterde geheugenbeheerpraktijken en strengere controles om de integriteit van gebruikersgegevens te waarborgen.
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren, een malafide bestand te openen of link te volgen.
Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-125: Out-of-bounds Read
CWE-190: Integer Overflow or Wraparound
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-371: CWE-371
CWE-416: Use After Free
CWE-451: User Interface (UI) Misrepresentation of Critical Information
CWE-456: Missing Initialization of a Variable
Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.
6.6 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A configuration issue was resolved by implementing additional restrictions to enhance system security.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A buffer overflow vulnerability has been addressed through improved memory management techniques.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A race condition issue was effectively resolved through enhancements in state management, improving system reliability.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
The issue was addressed through improvements in memory management techniques.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A type confusion vulnerability was effectively addressed through improved state management techniques.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
The issue was resolved through the implementation of additional entitlement checks to enhance security measures.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS, iPadOS
|
vers:unknown/* |
References
30 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft kwetsbaarheden verholpen in iOS en iPadOS (versies 18.7.3 en 26.2)",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten onder andere een use-after-free probleem, een geheugenbeschadiging, en een logboekprobleem dat ongeautoriseerde toegang tot gevoelige gebruikersdata mogelijk maakte. Deze kwetsbaarheden konden worden uitgebuit door kwaadwillenden via speciaal vervaardigde gegevens of door misbruik van de loggingmechanismen. De fixes omvatten verbeterde geheugenbeheerpraktijken en strengere controles om de integriteit van gebruikersgegevens te waarborgen.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren, een malafide bestand te openen of link te volgen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "CWE-371",
"title": "CWE-371"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "general",
"text": "Missing Initialization of a Variable",
"title": "CWE-456"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125884"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125885"
}
],
"title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS",
"tracking": {
"current_release_date": "2025-12-15T09:08:39.804149Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0397",
"initial_release_date": "2025-12-15T09:08:39.804149Z",
"revision_history": [
{
"date": "2025-12-15T09:08:39.804149Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "iOS, iPadOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7264",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7264 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7264.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2024-7264"
},
{
"cve": "CVE-2025-5918",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5918 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5918.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-5918"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-14174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14174 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43428",
"notes": [
{
"category": "description",
"text": "A configuration issue was resolved by implementing additional restrictions to enhance system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43428 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43428.json"
}
],
"title": "CVE-2025-43428"
},
{
"cve": "CVE-2025-43475",
"notes": [
{
"category": "description",
"text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43475 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43475.json"
}
],
"title": "CVE-2025-43475"
},
{
"cve": "CVE-2025-43501",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability has been addressed through improved memory management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43501 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43501.json"
}
],
"title": "CVE-2025-43501"
},
{
"cve": "CVE-2025-43511",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43511 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43511.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-43511"
},
{
"cve": "CVE-2025-43512",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43512 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43512.json"
}
],
"title": "CVE-2025-43512"
},
{
"cve": "CVE-2025-43518",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43518 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43518.json"
}
],
"title": "CVE-2025-43518"
},
{
"cve": "CVE-2025-43529",
"notes": [
{
"category": "description",
"text": "Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43529 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
}
],
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43530",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43530 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43530.json"
}
],
"title": "CVE-2025-43530"
},
{
"cve": "CVE-2025-43531",
"notes": [
{
"category": "description",
"text": "A race condition issue was effectively resolved through enhancements in state management, improving system reliability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43531 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43531.json"
}
],
"title": "CVE-2025-43531"
},
{
"cve": "CVE-2025-43532",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43532 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43532.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-43532"
},
{
"cve": "CVE-2025-43533",
"notes": [
{
"category": "description",
"text": "Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
}
],
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-43535",
"notes": [
{
"category": "description",
"text": "The issue was addressed through improvements in memory management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43535 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43535.json"
}
],
"title": "CVE-2025-43535"
},
{
"cve": "CVE-2025-43536",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43536 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43536.json"
}
],
"title": "CVE-2025-43536"
},
{
"cve": "CVE-2025-43538",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43538 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43538.json"
}
],
"title": "CVE-2025-43538"
},
{
"cve": "CVE-2025-43539",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43539 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43539.json"
}
],
"title": "CVE-2025-43539"
},
{
"cve": "CVE-2025-43541",
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was effectively addressed through improved state management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43541 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43541.json"
}
],
"title": "CVE-2025-43541"
},
{
"cve": "CVE-2025-43542",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43542 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43542.json"
}
],
"title": "CVE-2025-43542"
},
{
"cve": "CVE-2025-46276",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46276 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46276.json"
}
],
"title": "CVE-2025-46276"
},
{
"cve": "CVE-2025-46277",
"notes": [
{
"category": "description",
"text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46277 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46277.json"
}
],
"title": "CVE-2025-46277"
},
{
"cve": "CVE-2025-46279",
"notes": [
{
"category": "description",
"text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46279 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46279.json"
}
],
"title": "CVE-2025-46279"
},
{
"cve": "CVE-2025-46285",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46285 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46285.json"
}
],
"title": "CVE-2025-46285"
},
{
"cve": "CVE-2025-46287",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46287 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46287.json"
}
],
"title": "CVE-2025-46287"
},
{
"cve": "CVE-2025-46288",
"notes": [
{
"category": "description",
"text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46288 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46288.json"
}
],
"title": "CVE-2025-46288"
},
{
"cve": "CVE-2025-46292",
"notes": [
{
"category": "description",
"text": "The issue was resolved through the implementation of additional entitlement checks to enhance security measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46292 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46292.json"
}
],
"title": "CVE-2025-46292"
}
]
}
NCSC-2026-0020
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:18 - Updated: 2026-01-21 09:18Summary
Kwetsbaarheden verholpen in Oracle Commerce
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle WebLogic Server en Oracle Commerce producten
Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een gedeeltelijke Denial-of-Service te veroorzaken via HTTP. Dit kan leiden tot systeemuitval en verstoring van de dienstverlening. Daarnaast is er een kritieke XML External Entity (XXE) injectie kwetsbaarheid in de Apache Tika framework die de PDF-parsing functionaliteit beïnvloedt, wat kan leiden tot gevoelige informatie openbaarmaking of zelfs remote code execution.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-125: Out-of-bounds Read
CWE-201: Insertion of Sensitive Information Into Sent Data
CWE-284: Improper Access Control
CWE-285: Improper Authorization
CWE-404: Improper Resource Shutdown or Release
CWE-611: Improper Restriction of XML External Entity Reference
CWE-674: Uncontrolled Recursion
CWE-863: Incorrect Authorization
CWE-937: CWE-937
CWE-1035: CWE-1035
Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
6.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Recent updates for various Java platforms, including OpenJDK and IBM, address critical security vulnerabilities related to heap corruption and TLS protections, while also enhancing scripting support and HTTP client handling.
8.6 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.
5.3 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.
10.0 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Commerce
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Guided Search
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Commerce Platform
|
vers:unknown/* |
References
7 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle WebLogic Server en Oracle Commerce producten",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een gedeeltelijke Denial-of-Service te veroorzaken via HTTP. Dit kan leiden tot systeemuitval en verstoring van de dienstverlening. Daarnaast is er een kritieke XML External Entity (XXE) injectie kwetsbaarheid in de Apache Tika framework die de PDF-parsing functionaliteit be\u00efnvloedt, wat kan leiden tot gevoelige informatie openbaarmaking of zelfs remote code execution.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Commerce",
"tracking": {
"current_release_date": "2026-01-21T09:18:16.268788Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0020",
"initial_release_date": "2026-01-21T09:18:16.268788Z",
"revision_history": [
{
"date": "2026-01-21T09:18:16.268788Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Commerce"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Guided Search"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Platform"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-50059",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates for various Java platforms, including OpenJDK and IBM, address critical security vulnerabilities related to heap corruption and TLS protections, while also enhancing scripting support and HTTP client handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-50059 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50059.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-50059"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-66516"
}
]
}
NCSC-2026-0023
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:27 - Updated: 2026-01-21 09:27Summary
Kwetsbaarheden verholpen in Oracle PeopleSoft
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft.
Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en deze te wijzigen. Dit kan leiden tot ongeautoriseerde toegang en aanpassingen aan kritieke data, met CVSS-scores variërend van 5.4 tot 10.0, wat wijst op een gematigd tot significant risico voor de vertrouwelijkheid en integriteit van de gegevens.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-125: Out-of-bounds Read
CWE-197: Numeric Truncation Error
CWE-611: Improper Restriction of XML External Entity Reference
CWE-674: Uncontrolled Recursion
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-937: CWE-937
CWE-1035: CWE-1035
Critical vulnerabilities in Oracle Communications Cloud Native Core and Siebel CRM allow unauthenticated access, while SQLite versions prior to 3.50.2 face memory corruption risks and other security issues.
9.8 (Critical)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.
7.5 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.
7.5 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
Recent vulnerabilities in Oracle JD Edwards and Node.js expose critical data and sensitive information, with CVSS scores indicating significant risk, particularly for Windows users and specific device names.
7.5 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
6.5 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.
7.5 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.
10.0 (Critical)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Push Notifications component affects versions 8.60, 8.61, and 8.62, allowing low-privileged attackers to exploit it via HTTP, potentially leading to unauthorized data access and modifications.
5.4 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system via HTTP, posing significant risks to data confidentiality and integrity.
6.1 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Integration Broker component (versions 8.60, 8.61, 8.62) allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications.
6.1 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise HCM Human Resources product (version 9.2) allows unauthenticated attackers to compromise the system, with a CVSS score of 6.1 indicating risks to confidentiality and integrity.
6.1 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing 9.2 allows low-privileged attackers to compromise the system, potentially leading to unauthorized data access and modifications, with a CVSS score of 5.4.
5.4 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* |
References
13 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en deze te wijzigen. Dit kan leiden tot ongeautoriseerde toegang en aanpassingen aan kritieke data, met CVSS-scores vari\u00ebrend van 5.4 tot 10.0, wat wijst op een gematigd tot significant risico voor de vertrouwelijkheid en integriteit van de gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle PeopleSoft",
"tracking": {
"current_release_date": "2026-01-21T09:27:58.715578Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0023",
"initial_release_date": "2026-01-21T09:27:58.715578Z",
"revision_history": [
{
"date": "2026-01-21T09:27:58.715578Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "PeopleSoft"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise HCM Human Resources"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise PeopleTools"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise SCM Purchasing"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and Siebel CRM allow unauthenticated access, while SQLite versions prior to 3.50.2 face memory corruption risks and other security issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9230 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-27210",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle JD Edwards and Node.js expose critical data and sensitive information, with CVSS scores indicating significant risk, particularly for Windows users and specific device names.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27210 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-27210"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2026-21934",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Push Notifications component affects versions 8.60, 8.61, and 8.62, allowing low-privileged attackers to exploit it via HTTP, potentially leading to unauthorized data access and modifications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21934 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21934.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21934"
},
{
"cve": "CVE-2026-21938",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system via HTTP, posing significant risks to data confidentiality and integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21938 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21938.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21938"
},
{
"cve": "CVE-2026-21951",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Integration Broker component (versions 8.60, 8.61, 8.62) allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21951 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21951.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21951"
},
{
"cve": "CVE-2026-21961",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise HCM Human Resources product (version 9.2) allows unauthenticated attackers to compromise the system, with a CVSS score of 6.1 indicating risks to confidentiality and integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21961 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21961"
},
{
"cve": "CVE-2026-21971",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing 9.2 allows low-privileged attackers to compromise the system, potentially leading to unauthorized data access and modifications, with a CVSS score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21971 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21971.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21971"
}
]
}
NCSC-2026-0032
Vulnerability from csaf_ncscnl - Published: 2026-01-21 10:12 - Updated: 2026-01-21 10:12Summary
Kwetsbaarheden verholpen in Oracle MySQL
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in diverse Oracle MySQL componenten.
Interpretaties: De kwetsbaarheden stellen hooggeprivilegieerde aanvallers in staat om de server op afstand te exploiteren, wat kan leiden tot servercrashes en Denial of Service. Dit probleem kan worden misbruikt door aanvallers met netwerktoegang, wat de noodzaak van aandacht van beveiligingsbeheerders onderstreept.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-122: Heap-based Buffer Overflow
CWE-125: Out-of-bounds Read
CWE-197: Numeric Truncation Error
CWE-787: Out-of-bounds Write
Critical vulnerabilities in Oracle Communications Cloud Native Core and Siebel CRM allow unauthenticated access, while SQLite versions prior to 3.50.2 face memory corruption risks and other security issues.
9.8 (Critical)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.
7.1 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to potentially cause a denial of service by crashing the server, with a CVSS score of 5.3 indicating availability impacts.
5.3 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL's InnoDB component affects specific versions, allowing high-privileged attackers to crash the MySQL Server, with a CVSS score of 4.9 indicating availability impacts.
4.9 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to cause denial of service via network access, with a CVSS score of 4.9.
4.9 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to remotely exploit it, potentially causing denial of service with a CVSS score of 4.9.
4.9 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to remotely exploit it, potentially causing denial of service with a CVSS score of 4.9.
4.9 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to cause denial of service, leading to server crashes, with a CVSS score of 6.5 indicating significant availability impacts.
6.5 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to cause denial of service, leading to server crashes, with a CVSS score of 6.5 indicating significant availability impacts.
6.5 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows high-privileged attackers to cause denial of service, leading to server crashes, with a CVSS 3.1 Base Score of 4.9.
4.9 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL's Server: Thread Pooling component affects specific versions, allowing high-privileged attackers to remotely exploit it, potentially leading to denial of service with a CVSS score of 4.9.
4.9 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows high-privileged attackers with network access to potentially cause a partial denial of service, rated with a CVSS 3.1 Base Score of 2.7.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows low-privileged attackers to cause denial of service via network access, with a CVSS score of 6.5.
6.5 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / MySQL
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Cluster
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Connectors
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Enterprise Backup
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / MySQL Workbench
|
vers:unknown/* |
References
16 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in diverse Oracle MySQL componenten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen hooggeprivilegieerde aanvallers in staat om de server op afstand te exploiteren, wat kan leiden tot servercrashes en Denial of Service. Dit probleem kan worden misbruikt door aanvallers met netwerktoegang, wat de noodzaak van aandacht van beveiligingsbeheerders onderstreept.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle MySQL",
"tracking": {
"current_release_date": "2026-01-21T10:12:24.844869Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0032",
"initial_release_date": "2026-01-21T10:12:24.844869Z",
"revision_history": [
{
"date": "2026-01-21T10:12:24.844869Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "MySQL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "MySQL Cluster"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "MySQL Connectors"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "MySQL Enterprise Backup"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "MySQL Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "MySQL Workbench"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and Siebel CRM allow unauthenticated access, while SQLite versions prior to 3.50.2 face memory corruption risks and other security issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9230 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65018 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65018.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2026-21929",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to potentially cause a denial of service by crashing the server, with a CVSS score of 5.3 indicating availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21929 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21929.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21929"
},
{
"cve": "CVE-2026-21936",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL\u0027s InnoDB component affects specific versions, allowing high-privileged attackers to crash the MySQL Server, with a CVSS score of 4.9 indicating availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21936 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21936.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21936"
},
{
"cve": "CVE-2026-21937",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to cause denial of service via network access, with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21937 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21937.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21937"
},
{
"cve": "CVE-2026-21941",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to remotely exploit it, potentially causing denial of service with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21941 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21941.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21941"
},
{
"cve": "CVE-2026-21948",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to remotely exploit it, potentially causing denial of service with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21948 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21948.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21948"
},
{
"cve": "CVE-2026-21949",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to cause denial of service, leading to server crashes, with a CVSS score of 6.5 indicating significant availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21949 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21949.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21949"
},
{
"cve": "CVE-2026-21950",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to cause denial of service, leading to server crashes, with a CVSS score of 6.5 indicating significant availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21950 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21950.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21950"
},
{
"cve": "CVE-2026-21952",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows high-privileged attackers to cause denial of service, leading to server crashes, with a CVSS 3.1 Base Score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21952 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21952.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21952"
},
{
"cve": "CVE-2026-21964",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL\u0027s Server: Thread Pooling component affects specific versions, allowing high-privileged attackers to remotely exploit it, potentially leading to denial of service with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21964 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21964.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21964"
},
{
"cve": "CVE-2026-21965",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows high-privileged attackers with network access to potentially cause a partial denial of service, rated with a CVSS 3.1 Base Score of 2.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21965"
},
{
"cve": "CVE-2026-21968",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows low-privileged attackers to cause denial of service via network access, with a CVSS score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21968 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21968.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21968"
}
]
}
OPENSUSE-SU-2025:15590-1
Vulnerability from csaf_opensuse - Published: 2025-10-01 00:00 - Updated: 2025-10-01 00:00Summary
curl-8.16.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: curl-8.16.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the curl-8.16.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15590
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:wcurl-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:wcurl-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:wcurl-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:wcurl-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:wcurl-8.16.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:wcurl-8.16.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:wcurl-8.16.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:wcurl-8.16.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "curl-8.16.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the curl-8.16.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15590",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15590-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-10148 page",
"url": "https://www.suse.com/security/cve/CVE-2025-10148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9086 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9086/"
}
],
"title": "curl-8.16.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-10-01T00:00:00Z",
"generator": {
"date": "2025-10-01T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15590-1",
"initial_release_date": "2025-10-01T00:00:00Z",
"revision_history": [
{
"date": "2025-10-01T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "curl-8.16.0-1.1.aarch64",
"product": {
"name": "curl-8.16.0-1.1.aarch64",
"product_id": "curl-8.16.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "curl-fish-completion-8.16.0-1.1.aarch64",
"product": {
"name": "curl-fish-completion-8.16.0-1.1.aarch64",
"product_id": "curl-fish-completion-8.16.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "curl-zsh-completion-8.16.0-1.1.aarch64",
"product": {
"name": "curl-zsh-completion-8.16.0-1.1.aarch64",
"product_id": "curl-zsh-completion-8.16.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.16.0-1.1.aarch64",
"product": {
"name": "libcurl-devel-8.16.0-1.1.aarch64",
"product_id": "libcurl-devel-8.16.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-8.16.0-1.1.aarch64",
"product": {
"name": "libcurl-devel-32bit-8.16.0-1.1.aarch64",
"product_id": "libcurl-devel-32bit-8.16.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-doc-8.16.0-1.1.aarch64",
"product": {
"name": "libcurl-devel-doc-8.16.0-1.1.aarch64",
"product_id": "libcurl-devel-doc-8.16.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-8.16.0-1.1.aarch64",
"product": {
"name": "libcurl4-8.16.0-1.1.aarch64",
"product_id": "libcurl4-8.16.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-8.16.0-1.1.aarch64",
"product": {
"name": "libcurl4-32bit-8.16.0-1.1.aarch64",
"product_id": "libcurl4-32bit-8.16.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "wcurl-8.16.0-1.1.aarch64",
"product": {
"name": "wcurl-8.16.0-1.1.aarch64",
"product_id": "wcurl-8.16.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-8.16.0-1.1.ppc64le",
"product": {
"name": "curl-8.16.0-1.1.ppc64le",
"product_id": "curl-8.16.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "curl-fish-completion-8.16.0-1.1.ppc64le",
"product": {
"name": "curl-fish-completion-8.16.0-1.1.ppc64le",
"product_id": "curl-fish-completion-8.16.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "curl-zsh-completion-8.16.0-1.1.ppc64le",
"product": {
"name": "curl-zsh-completion-8.16.0-1.1.ppc64le",
"product_id": "curl-zsh-completion-8.16.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.16.0-1.1.ppc64le",
"product": {
"name": "libcurl-devel-8.16.0-1.1.ppc64le",
"product_id": "libcurl-devel-8.16.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-8.16.0-1.1.ppc64le",
"product": {
"name": "libcurl-devel-32bit-8.16.0-1.1.ppc64le",
"product_id": "libcurl-devel-32bit-8.16.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-doc-8.16.0-1.1.ppc64le",
"product": {
"name": "libcurl-devel-doc-8.16.0-1.1.ppc64le",
"product_id": "libcurl-devel-doc-8.16.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-8.16.0-1.1.ppc64le",
"product": {
"name": "libcurl4-8.16.0-1.1.ppc64le",
"product_id": "libcurl4-8.16.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-8.16.0-1.1.ppc64le",
"product": {
"name": "libcurl4-32bit-8.16.0-1.1.ppc64le",
"product_id": "libcurl4-32bit-8.16.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "wcurl-8.16.0-1.1.ppc64le",
"product": {
"name": "wcurl-8.16.0-1.1.ppc64le",
"product_id": "wcurl-8.16.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-8.16.0-1.1.s390x",
"product": {
"name": "curl-8.16.0-1.1.s390x",
"product_id": "curl-8.16.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "curl-fish-completion-8.16.0-1.1.s390x",
"product": {
"name": "curl-fish-completion-8.16.0-1.1.s390x",
"product_id": "curl-fish-completion-8.16.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "curl-zsh-completion-8.16.0-1.1.s390x",
"product": {
"name": "curl-zsh-completion-8.16.0-1.1.s390x",
"product_id": "curl-zsh-completion-8.16.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.16.0-1.1.s390x",
"product": {
"name": "libcurl-devel-8.16.0-1.1.s390x",
"product_id": "libcurl-devel-8.16.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-8.16.0-1.1.s390x",
"product": {
"name": "libcurl-devel-32bit-8.16.0-1.1.s390x",
"product_id": "libcurl-devel-32bit-8.16.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-doc-8.16.0-1.1.s390x",
"product": {
"name": "libcurl-devel-doc-8.16.0-1.1.s390x",
"product_id": "libcurl-devel-doc-8.16.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-8.16.0-1.1.s390x",
"product": {
"name": "libcurl4-8.16.0-1.1.s390x",
"product_id": "libcurl4-8.16.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-8.16.0-1.1.s390x",
"product": {
"name": "libcurl4-32bit-8.16.0-1.1.s390x",
"product_id": "libcurl4-32bit-8.16.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "wcurl-8.16.0-1.1.s390x",
"product": {
"name": "wcurl-8.16.0-1.1.s390x",
"product_id": "wcurl-8.16.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-8.16.0-1.1.x86_64",
"product": {
"name": "curl-8.16.0-1.1.x86_64",
"product_id": "curl-8.16.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "curl-fish-completion-8.16.0-1.1.x86_64",
"product": {
"name": "curl-fish-completion-8.16.0-1.1.x86_64",
"product_id": "curl-fish-completion-8.16.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "curl-zsh-completion-8.16.0-1.1.x86_64",
"product": {
"name": "curl-zsh-completion-8.16.0-1.1.x86_64",
"product_id": "curl-zsh-completion-8.16.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.16.0-1.1.x86_64",
"product": {
"name": "libcurl-devel-8.16.0-1.1.x86_64",
"product_id": "libcurl-devel-8.16.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-8.16.0-1.1.x86_64",
"product": {
"name": "libcurl-devel-32bit-8.16.0-1.1.x86_64",
"product_id": "libcurl-devel-32bit-8.16.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-doc-8.16.0-1.1.x86_64",
"product": {
"name": "libcurl-devel-doc-8.16.0-1.1.x86_64",
"product_id": "libcurl-devel-doc-8.16.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-8.16.0-1.1.x86_64",
"product": {
"name": "libcurl4-8.16.0-1.1.x86_64",
"product_id": "libcurl4-8.16.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-8.16.0-1.1.x86_64",
"product": {
"name": "libcurl4-32bit-8.16.0-1.1.x86_64",
"product_id": "libcurl4-32bit-8.16.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "wcurl-8.16.0-1.1.x86_64",
"product": {
"name": "wcurl-8.16.0-1.1.x86_64",
"product_id": "wcurl-8.16.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.16.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-8.16.0-1.1.aarch64"
},
"product_reference": "curl-8.16.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.16.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-8.16.0-1.1.ppc64le"
},
"product_reference": "curl-8.16.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.16.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-8.16.0-1.1.s390x"
},
"product_reference": "curl-8.16.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.16.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-8.16.0-1.1.x86_64"
},
"product_reference": "curl-8.16.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-fish-completion-8.16.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.aarch64"
},
"product_reference": "curl-fish-completion-8.16.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-fish-completion-8.16.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.ppc64le"
},
"product_reference": "curl-fish-completion-8.16.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-fish-completion-8.16.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.s390x"
},
"product_reference": "curl-fish-completion-8.16.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-fish-completion-8.16.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.x86_64"
},
"product_reference": "curl-fish-completion-8.16.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-zsh-completion-8.16.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.aarch64"
},
"product_reference": "curl-zsh-completion-8.16.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-zsh-completion-8.16.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.ppc64le"
},
"product_reference": "curl-zsh-completion-8.16.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-zsh-completion-8.16.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.s390x"
},
"product_reference": "curl-zsh-completion-8.16.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-zsh-completion-8.16.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.x86_64"
},
"product_reference": "curl-zsh-completion-8.16.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.16.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.aarch64"
},
"product_reference": "libcurl-devel-8.16.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.16.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.ppc64le"
},
"product_reference": "libcurl-devel-8.16.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.16.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.s390x"
},
"product_reference": "libcurl-devel-8.16.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.16.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.x86_64"
},
"product_reference": "libcurl-devel-8.16.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-8.16.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.aarch64"
},
"product_reference": "libcurl-devel-32bit-8.16.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-8.16.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.ppc64le"
},
"product_reference": "libcurl-devel-32bit-8.16.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-8.16.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.s390x"
},
"product_reference": "libcurl-devel-32bit-8.16.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-8.16.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.x86_64"
},
"product_reference": "libcurl-devel-32bit-8.16.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-doc-8.16.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.aarch64"
},
"product_reference": "libcurl-devel-doc-8.16.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-doc-8.16.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.ppc64le"
},
"product_reference": "libcurl-devel-doc-8.16.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-doc-8.16.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.s390x"
},
"product_reference": "libcurl-devel-doc-8.16.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-doc-8.16.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.x86_64"
},
"product_reference": "libcurl-devel-doc-8.16.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.16.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-8.16.0-1.1.aarch64"
},
"product_reference": "libcurl4-8.16.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.16.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-8.16.0-1.1.ppc64le"
},
"product_reference": "libcurl4-8.16.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.16.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-8.16.0-1.1.s390x"
},
"product_reference": "libcurl4-8.16.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.16.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-8.16.0-1.1.x86_64"
},
"product_reference": "libcurl4-8.16.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-8.16.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.aarch64"
},
"product_reference": "libcurl4-32bit-8.16.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-8.16.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.ppc64le"
},
"product_reference": "libcurl4-32bit-8.16.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-8.16.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.s390x"
},
"product_reference": "libcurl4-32bit-8.16.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-8.16.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.x86_64"
},
"product_reference": "libcurl4-32bit-8.16.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wcurl-8.16.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wcurl-8.16.0-1.1.aarch64"
},
"product_reference": "wcurl-8.16.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wcurl-8.16.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wcurl-8.16.0-1.1.ppc64le"
},
"product_reference": "wcurl-8.16.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wcurl-8.16.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wcurl-8.16.0-1.1.s390x"
},
"product_reference": "wcurl-8.16.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wcurl-8.16.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wcurl-8.16.0-1.1.x86_64"
},
"product_reference": "wcurl-8.16.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-10148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-10148"
}
],
"notes": [
{
"category": "general",
"text": "curl\u0027s websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-10148",
"url": "https://www.suse.com/security/cve/CVE-2025-10148"
},
{
"category": "external",
"summary": "SUSE Bug 1249348 for CVE-2025-10148",
"url": "https://bugzilla.suse.com/1249348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-01T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-10148"
},
{
"cve": "CVE-2025-9086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9086"
}
],
"notes": [
{
"category": "general",
"text": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path=\u0027/\u0027`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9086",
"url": "https://www.suse.com/security/cve/CVE-2025-9086"
},
{
"category": "external",
"summary": "SUSE Bug 1249191 for CVE-2025-9086",
"url": "https://bugzilla.suse.com/1249191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-fish-completion-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:curl-zsh-completion-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-doc-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.16.0-1.1.x86_64",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.aarch64",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.ppc64le",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.s390x",
"openSUSE Tumbleweed:wcurl-8.16.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-01T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-9086"
}
]
}
OPENSUSE-SU-2025:20090-1
Vulnerability from csaf_opensuse - Published: 2025-11-26 14:30 - Updated: 2025-11-26 14:30Summary
Security update for curl
Severity
Important
Notes
Title of the patch: Security update for curl
Description of the patch: This update for curl fixes the following issues:
- CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191)
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
- CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348)
Other fixes:
- tool_operate: fix return code when --retry is used but not
triggered (bsc#1249367)
Patchnames: openSUSE-Leap-16.0-57
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for curl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for curl fixes the following issues:\n\n- CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191)\n- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)\n- CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348)\n\nOther fixes:\n- tool_operate: fix return code when --retry is used but not\n triggered (bsc#1249367)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-57",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_20090-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1249191",
"url": "https://bugzilla.suse.com/1249191"
},
{
"category": "self",
"summary": "SUSE Bug 1249348",
"url": "https://bugzilla.suse.com/1249348"
},
{
"category": "self",
"summary": "SUSE Bug 1249367",
"url": "https://bugzilla.suse.com/1249367"
},
{
"category": "self",
"summary": "SUSE Bug 1253757",
"url": "https://bugzilla.suse.com/1253757"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-10148 page",
"url": "https://www.suse.com/security/cve/CVE-2025-10148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11563 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9086 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9086/"
}
],
"title": "Security update for curl",
"tracking": {
"current_release_date": "2025-11-26T14:30:14Z",
"generator": {
"date": "2025-11-26T14:30:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:20090-1",
"initial_release_date": "2025-11-26T14:30:14Z",
"revision_history": [
{
"date": "2025-11-26T14:30:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "curl-8.14.1-160000.3.1.aarch64",
"product": {
"name": "curl-8.14.1-160000.3.1.aarch64",
"product_id": "curl-8.14.1-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.14.1-160000.3.1.aarch64",
"product": {
"name": "libcurl-devel-8.14.1-160000.3.1.aarch64",
"product_id": "libcurl-devel-8.14.1-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-8.14.1-160000.3.1.aarch64",
"product": {
"name": "libcurl4-8.14.1-160000.3.1.aarch64",
"product_id": "libcurl4-8.14.1-160000.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-fish-completion-8.14.1-160000.3.1.noarch",
"product": {
"name": "curl-fish-completion-8.14.1-160000.3.1.noarch",
"product_id": "curl-fish-completion-8.14.1-160000.3.1.noarch"
}
},
{
"category": "product_version",
"name": "curl-zsh-completion-8.14.1-160000.3.1.noarch",
"product": {
"name": "curl-zsh-completion-8.14.1-160000.3.1.noarch",
"product_id": "curl-zsh-completion-8.14.1-160000.3.1.noarch"
}
},
{
"category": "product_version",
"name": "libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"product": {
"name": "libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"product_id": "libcurl-devel-doc-8.14.1-160000.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-8.14.1-160000.3.1.ppc64le",
"product": {
"name": "curl-8.14.1-160000.3.1.ppc64le",
"product_id": "curl-8.14.1-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.14.1-160000.3.1.ppc64le",
"product": {
"name": "libcurl-devel-8.14.1-160000.3.1.ppc64le",
"product_id": "libcurl-devel-8.14.1-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-8.14.1-160000.3.1.ppc64le",
"product": {
"name": "libcurl4-8.14.1-160000.3.1.ppc64le",
"product_id": "libcurl4-8.14.1-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-8.14.1-160000.3.1.s390x",
"product": {
"name": "curl-8.14.1-160000.3.1.s390x",
"product_id": "curl-8.14.1-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.14.1-160000.3.1.s390x",
"product": {
"name": "libcurl-devel-8.14.1-160000.3.1.s390x",
"product_id": "libcurl-devel-8.14.1-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-8.14.1-160000.3.1.s390x",
"product": {
"name": "libcurl4-8.14.1-160000.3.1.s390x",
"product_id": "libcurl4-8.14.1-160000.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-8.14.1-160000.3.1.x86_64",
"product": {
"name": "curl-8.14.1-160000.3.1.x86_64",
"product_id": "curl-8.14.1-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.14.1-160000.3.1.x86_64",
"product": {
"name": "libcurl-devel-8.14.1-160000.3.1.x86_64",
"product_id": "libcurl-devel-8.14.1-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-8.14.1-160000.3.1.x86_64",
"product": {
"name": "libcurl4-8.14.1-160000.3.1.x86_64",
"product_id": "libcurl4-8.14.1-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.14.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64"
},
"product_reference": "curl-8.14.1-160000.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.14.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le"
},
"product_reference": "curl-8.14.1-160000.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.14.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x"
},
"product_reference": "curl-8.14.1-160000.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.14.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64"
},
"product_reference": "curl-8.14.1-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-fish-completion-8.14.1-160000.3.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch"
},
"product_reference": "curl-fish-completion-8.14.1-160000.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-zsh-completion-8.14.1-160000.3.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch"
},
"product_reference": "curl-zsh-completion-8.14.1-160000.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.14.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64"
},
"product_reference": "libcurl-devel-8.14.1-160000.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.14.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le"
},
"product_reference": "libcurl-devel-8.14.1-160000.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.14.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x"
},
"product_reference": "libcurl-devel-8.14.1-160000.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.14.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64"
},
"product_reference": "libcurl-devel-8.14.1-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-doc-8.14.1-160000.3.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch"
},
"product_reference": "libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.14.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64"
},
"product_reference": "libcurl4-8.14.1-160000.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.14.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le"
},
"product_reference": "libcurl4-8.14.1-160000.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.14.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x"
},
"product_reference": "libcurl4-8.14.1-160000.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.14.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
},
"product_reference": "libcurl4-8.14.1-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-10148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-10148"
}
],
"notes": [
{
"category": "general",
"text": "curl\u0027s websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-10148",
"url": "https://www.suse.com/security/cve/CVE-2025-10148"
},
{
"category": "external",
"summary": "SUSE Bug 1249348 for CVE-2025-10148",
"url": "https://bugzilla.suse.com/1249348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T14:30:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-10148"
},
{
"cve": "CVE-2025-11563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11563"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11563",
"url": "https://www.suse.com/security/cve/CVE-2025-11563"
},
{
"category": "external",
"summary": "SUSE Bug 1253757 for CVE-2025-11563",
"url": "https://bugzilla.suse.com/1253757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T14:30:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-11563"
},
{
"cve": "CVE-2025-9086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9086"
}
],
"notes": [
{
"category": "general",
"text": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path=\u0027/\u0027`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9086",
"url": "https://www.suse.com/security/cve/CVE-2025-9086"
},
{
"category": "external",
"summary": "SUSE Bug 1249191 for CVE-2025-9086",
"url": "https://bugzilla.suse.com/1249191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:curl-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:curl-fish-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:curl-zsh-completion-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl-devel-8.14.1-160000.3.1.x86_64",
"openSUSE Leap 16.0:libcurl-devel-doc-8.14.1-160000.3.1.noarch",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.aarch64",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.s390x",
"openSUSE Leap 16.0:libcurl4-8.14.1-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T14:30:14Z",
"details": "important"
}
],
"title": "CVE-2025-9086"
}
]
}
RHSA-2025:23043
Vulnerability from csaf_redhat - Published: 2025-12-10 16:27 - Updated: 2026-04-19 19:41Summary
Red Hat Security Advisory: curl security update
Severity
Moderate
Notes
Topic: An update for curl is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
* curl: libcurl: Curl out of bounds read for cookie path (CVE-2025-9086)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.
5.3 (Medium)
Affected products
Fixed
98 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for curl is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n* curl: libcurl: Curl out of bounds read for cookie path (CVE-2025-9086)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23043",
"url": "https://access.redhat.com/errata/RHSA-2025:23043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2394750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394750"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23043.json"
}
],
"title": "Red Hat Security Advisory: curl security update",
"tracking": {
"current_release_date": "2026-04-19T19:41:15+00:00",
"generator": {
"date": "2026-04-19T19:41:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2025:23043",
"initial_release_date": "2025-12-10T16:27:23+00:00",
"revision_history": [
{
"date": "2025-12-10T16:27:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T16:27:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-19T19:41:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"product": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"product_id": "libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-devel@7.76.1-31.el9_6.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"product": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"product_id": "curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-debugsource@7.76.1-31.el9_6.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"product": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"product_id": "curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-debuginfo@7.76.1-31.el9_6.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"product": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"product_id": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-minimal-debuginfo@7.76.1-31.el9_6.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"product": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"product_id": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-debuginfo@7.76.1-31.el9_6.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"product": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"product_id": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.76.1-31.el9_6.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "curl-0:7.76.1-31.el9_6.2.aarch64",
"product": {
"name": "curl-0:7.76.1-31.el9_6.2.aarch64",
"product_id": "curl-0:7.76.1-31.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl@7.76.1-31.el9_6.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"product": {
"name": "curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"product_id": "curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libcurl-0:7.76.1-31.el9_6.2.aarch64",
"product": {
"name": "libcurl-0:7.76.1-31.el9_6.2.aarch64",
"product_id": "libcurl-0:7.76.1-31.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl@7.76.1-31.el9_6.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"product": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"product_id": "libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"product": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"product_id": "libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-devel@7.76.1-31.el9_6.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"product": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"product_id": "curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-debugsource@7.76.1-31.el9_6.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"product": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"product_id": "curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-debuginfo@7.76.1-31.el9_6.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"product": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"product_id": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-minimal-debuginfo@7.76.1-31.el9_6.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"product": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"product_id": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-debuginfo@7.76.1-31.el9_6.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"product": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"product_id": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.76.1-31.el9_6.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "curl-0:7.76.1-31.el9_6.2.ppc64le",
"product": {
"name": "curl-0:7.76.1-31.el9_6.2.ppc64le",
"product_id": "curl-0:7.76.1-31.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl@7.76.1-31.el9_6.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"product": {
"name": "curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"product_id": "curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"product": {
"name": "libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"product_id": "libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl@7.76.1-31.el9_6.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"product": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"product_id": "libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"product": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"product_id": "libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-devel@7.76.1-31.el9_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"product": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"product_id": "curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-debugsource@7.76.1-31.el9_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"product": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"product_id": "curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-debuginfo@7.76.1-31.el9_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"product": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"product_id": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-minimal-debuginfo@7.76.1-31.el9_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"product": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"product_id": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-debuginfo@7.76.1-31.el9_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"product": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"product_id": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.76.1-31.el9_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libcurl-0:7.76.1-31.el9_6.2.i686",
"product": {
"name": "libcurl-0:7.76.1-31.el9_6.2.i686",
"product_id": "libcurl-0:7.76.1-31.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl@7.76.1-31.el9_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"product": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"product_id": "libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"product": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"product_id": "libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-devel@7.76.1-31.el9_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"product": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"product_id": "curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-debugsource@7.76.1-31.el9_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"product": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"product_id": "curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-debuginfo@7.76.1-31.el9_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"product": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"product_id": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-minimal-debuginfo@7.76.1-31.el9_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"product": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"product_id": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-debuginfo@7.76.1-31.el9_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"product": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"product_id": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.76.1-31.el9_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "curl-0:7.76.1-31.el9_6.2.x86_64",
"product": {
"name": "curl-0:7.76.1-31.el9_6.2.x86_64",
"product_id": "curl-0:7.76.1-31.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl@7.76.1-31.el9_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"product": {
"name": "curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"product_id": "curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libcurl-0:7.76.1-31.el9_6.2.x86_64",
"product": {
"name": "libcurl-0:7.76.1-31.el9_6.2.x86_64",
"product_id": "libcurl-0:7.76.1-31.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl@7.76.1-31.el9_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"product": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"product_id": "libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"product": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"product_id": "libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-devel@7.76.1-31.el9_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"product": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"product_id": "curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-debugsource@7.76.1-31.el9_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"product": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"product_id": "curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-debuginfo@7.76.1-31.el9_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"product": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"product_id": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-minimal-debuginfo@7.76.1-31.el9_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"product": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"product_id": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-debuginfo@7.76.1-31.el9_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"product": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"product_id": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.76.1-31.el9_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "curl-0:7.76.1-31.el9_6.2.s390x",
"product": {
"name": "curl-0:7.76.1-31.el9_6.2.s390x",
"product_id": "curl-0:7.76.1-31.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl@7.76.1-31.el9_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"product": {
"name": "curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"product_id": "curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libcurl-0:7.76.1-31.el9_6.2.s390x",
"product": {
"name": "libcurl-0:7.76.1-31.el9_6.2.s390x",
"product_id": "libcurl-0:7.76.1-31.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl@7.76.1-31.el9_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"product": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"product_id": "libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-0:7.76.1-31.el9_6.2.src",
"product": {
"name": "curl-0:7.76.1-31.el9_6.2.src",
"product_id": "curl-0:7.76.1-31.el9_6.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/curl@7.76.1-31.el9_6.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "curl-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "curl-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "curl-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-0:7.76.1-31.el9_6.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.src"
},
"product_reference": "curl-0:7.76.1-31.el9_6.2.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "curl-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "libcurl-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "libcurl-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "libcurl-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "libcurl-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "curl-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "curl-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "curl-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-0:7.76.1-31.el9_6.2.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.src"
},
"product_reference": "curl-0:7.76.1-31.el9_6.2.src",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "curl-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-debugsource-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "libcurl-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "libcurl-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "libcurl-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "libcurl-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64"
},
"product_reference": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686"
},
"product_reference": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le"
},
"product_reference": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x"
},
"product_reference": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64"
},
"product_reference": "libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-12T06:01:02.244669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394750"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: libcurl: Curl out of bounds read for cookie path",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.src",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9086"
},
{
"category": "external",
"summary": "RHBZ#2394750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2025-9086.html",
"url": "https://curl.se/docs/CVE-2025-9086.html"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2025-9086.json",
"url": "https://curl.se/docs/CVE-2025-9086.json"
},
{
"category": "external",
"summary": "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6",
"url": "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3294999",
"url": "https://hackerone.com/reports/3294999"
}
],
"release_date": "2025-09-12T05:10:03.815000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T16:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.src",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23043"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.src",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.src",
"BaseOS-9.6.0.Z.EUS:curl-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-debugsource-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:curl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-debuginfo-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-devel-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-0:7.76.1-31.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:libcurl-minimal-debuginfo-0:7.76.1-31.el9_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: libcurl: Curl out of bounds read for cookie path"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…