Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1042 vulnerabilities found for AIX by IBM

    CERTFR-2026-AVI-0641

    Vulnerability from certfr_avis - Published: 2026-05-22 - Updated: 2026-05-22

    De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    IBM AIX Open SDK pour Rust sur AIX versions 1.92.x sans le correctif de sécurité Fix Pack 2
    IBM WebSphere WebSphere Automation versions 1.1x antérieures à 1.12.1
    IBM Db2 Db2 versions 12.1.x antérieures à 12.1.4 sans le correctif Special Build #83501
    IBM Db2 Db2 Big SQL versions 7.6.x à 8.3.x antérieures à 8.3.1 patch 4
    IBM Db2 Db2 sur Cloud Pak for Data et Db2 Warehouse sur Cloud Pak for Data versions 4.8.x à 5.3.x antérieures à 5.3.1
    IBM AIX Open SDK pour Rust sur AIX versions 1.90.x sans le correctif de sécurité Fix Pack 2
    IBM Sterling Sterling Transformation Extender versions 11.0.1.1 et 11.0.2.0 sans le correctif de sécurité PH71227
    IBM Db2 Db2 versions 11.5.x antérieures à 11.5.9 sans le correctif Special Build #81937
    References
    Bulletin de sécurité IBM 7273152 2026-05-15 vendor-advisory
    Bulletin de sécurité IBM 7273312 2026-05-18 vendor-advisory
    Bulletin de sécurité IBM 7273153 2026-05-15 vendor-advisory
    Bulletin de sécurité IBM 7273155 2026-05-15 vendor-advisory
    Bulletin de sécurité IBM 7271877 2026-05-19 vendor-advisory
    Bulletin de sécurité IBM 7273156 2026-05-15 vendor-advisory
    Bulletin de sécurité IBM 7273269 2026-05-17 vendor-advisory
    Bulletin de sécurité IBM 7273281 2026-05-18 vendor-advisory
    Bulletin de sécurité IBM 7273150 2026-05-15 vendor-advisory
    Bulletin de sécurité IBM 7273151 2026-05-15 vendor-advisory
    Bulletin de sécurité IBM 7273555 2026-05-21 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Open SDK pour Rust sur AIX versions 1.92.x sans le correctif de s\u00e9curit\u00e9 Fix Pack 2",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Automation versions 1.1x ant\u00e9rieures \u00e0 1.12.1",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.4 sans le correctif Special Build #83501",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 Big SQL versions 7.6.x \u00e0 8.3.x ant\u00e9rieures \u00e0 8.3.1 patch 4",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 sur Cloud Pak for Data et Db2 Warehouse sur Cloud Pak for Data versions 4.8.x \u00e0 5.3.x ant\u00e9rieures \u00e0 5.3.1",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Open SDK pour Rust sur AIX versions 1.90.x sans le correctif de s\u00e9curit\u00e9 Fix Pack 2",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 11.0.1.1 et 11.0.2.0 sans le correctif de s\u00e9curit\u00e9 PH71227",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.9 sans le correctif Special Build #81937",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-6395",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
        },
        {
          "name": "CVE-2026-26007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
        },
        {
          "name": "CVE-2025-61730",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
        },
        {
          "name": "CVE-2025-36353",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
        },
        {
          "name": "CVE-2026-21933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
        },
        {
          "name": "CVE-2026-21932",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
        },
        {
          "name": "CVE-2025-58190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
        },
        {
          "name": "CVE-2026-32597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
        },
        {
          "name": "CVE-2026-31958",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31958"
        },
        {
          "name": "CVE-2025-67726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67726"
        },
        {
          "name": "CVE-2026-33186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
        },
        {
          "name": "CVE-2025-13867",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
        },
        {
          "name": "CVE-2025-2668",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
        },
        {
          "name": "CVE-2025-36427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
        },
        {
          "name": "CVE-2025-39761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39761"
        },
        {
          "name": "CVE-2026-35611",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35611"
        },
        {
          "name": "CVE-2024-45310",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45310"
        },
        {
          "name": "CVE-2025-36384",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
        },
        {
          "name": "CVE-2025-36098",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
        },
        {
          "name": "CVE-2025-36184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
        },
        {
          "name": "CVE-2026-2391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
        },
        {
          "name": "CVE-2026-22013",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
        },
        {
          "name": "CVE-2026-22018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
        },
        {
          "name": "CVE-2025-36247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
        },
        {
          "name": "CVE-2025-58767",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
        },
        {
          "name": "CVE-2025-36009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
        },
        {
          "name": "CVE-2025-9820",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
        },
        {
          "name": "CVE-2025-36070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
        },
        {
          "name": "CVE-2025-36428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
        },
        {
          "name": "CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "name": "CVE-2026-34282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
        },
        {
          "name": "CVE-2025-36424",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
        },
        {
          "name": "CVE-2025-36387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
        },
        {
          "name": "CVE-2025-33042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
        },
        {
          "name": "CVE-2025-58057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
        },
        {
          "name": "CVE-2026-21925",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
        },
        {
          "name": "CVE-2025-64718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
        },
        {
          "name": "CVE-2023-47038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
        },
        {
          "name": "CVE-2025-62718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
        },
        {
          "name": "CVE-2026-27142",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
        },
        {
          "name": "CVE-2026-23865",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
        },
        {
          "name": "CVE-2026-33671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
        },
        {
          "name": "CVE-2025-67721",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
        },
        {
          "name": "CVE-2026-33750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
        },
        {
          "name": "CVE-2026-6918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
        },
        {
          "name": "CVE-2025-47911",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
        },
        {
          "name": "CVE-2026-33228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
        },
        {
          "name": "CVE-2026-40175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
        },
        {
          "name": "CVE-2026-29045",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29045"
        },
        {
          "name": "CVE-2021-43784",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
        },
        {
          "name": "CVE-2025-68161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
        },
        {
          "name": "CVE-2025-12801",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12801"
        },
        {
          "name": "CVE-2026-1188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
        },
        {
          "name": "CVE-2026-27903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
        },
        {
          "name": "CVE-2026-41681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41681"
        },
        {
          "name": "CVE-2026-25679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
        },
        {
          "name": "CVE-2025-55163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
        },
        {
          "name": "CVE-2026-41677",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41677"
        },
        {
          "name": "CVE-2025-32990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
        },
        {
          "name": "CVE-2025-36425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
        },
        {
          "name": "CVE-2025-32989",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
        },
        {
          "name": "CVE-2025-61594",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61594"
        },
        {
          "name": "CVE-2026-22016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
        },
        {
          "name": "CVE-2026-22021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
        },
        {
          "name": "CVE-2026-22007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
        },
        {
          "name": "CVE-2025-54410",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
        },
        {
          "name": "CVE-2025-69873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
        },
        {
          "name": "CVE-2026-34268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
        },
        {
          "name": "CVE-2026-3713",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3713"
        },
        {
          "name": "CVE-2025-67735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
        },
        {
          "name": "CVE-2025-61728",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
        },
        {
          "name": "CVE-2025-36001",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
        },
        {
          "name": "CVE-2025-58056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
        },
        {
          "name": "CVE-2025-32988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
        },
        {
          "name": "CVE-2026-33672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
        },
        {
          "name": "CVE-2025-58181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
        },
        {
          "name": "CVE-2025-47914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
        },
        {
          "name": "CVE-2025-36365",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
        },
        {
          "name": "CVE-2026-25639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
        },
        {
          "name": "CVE-2025-36442",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
        },
        {
          "name": "CVE-2025-38351",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38351"
        },
        {
          "name": "CVE-2026-21945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
        },
        {
          "name": "CVE-2025-59059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59059"
        },
        {
          "name": "CVE-2026-41676",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41676"
        },
        {
          "name": "CVE-2025-14689",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
        },
        {
          "name": "CVE-2025-48924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
        },
        {
          "name": "CVE-2025-8916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
        },
        {
          "name": "CVE-2024-47072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
        },
        {
          "name": "CVE-2025-36366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
        },
        {
          "name": "CVE-2025-36123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
        },
        {
          "name": "CVE-2026-26996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
        },
        {
          "name": "CVE-2025-68121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
        },
        {
          "name": "CVE-2024-50301",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
        },
        {
          "name": "CVE-2025-67724",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67724"
        },
        {
          "name": "CVE-2025-61726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
        },
        {
          "name": "CVE-2026-29087",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29087"
        },
        {
          "name": "CVE-2025-21614",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
        },
        {
          "name": "CVE-2025-53864",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
        },
        {
          "name": "CVE-2026-32141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
        },
        {
          "name": "CVE-2026-35554",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35554"
        },
        {
          "name": "CVE-2025-5914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
        },
        {
          "name": "CVE-2025-53057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
        },
        {
          "name": "CVE-2025-36407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
        },
        {
          "name": "CVE-2026-29063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
        },
        {
          "name": "CVE-2026-22008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
        },
        {
          "name": "CVE-2025-53066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
        },
        {
          "name": "CVE-2026-1718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1718"
        },
        {
          "name": "CVE-2025-22227",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
        },
        {
          "name": "CVE-2025-27221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
        },
        {
          "name": "CVE-2026-27904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
        },
        {
          "name": "CVE-2026-24281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24281"
        },
        {
          "name": "CVE-2026-41678",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41678"
        },
        {
          "name": "CVE-2025-14831",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
        }
      ],
      "initial_release_date": "2026-05-22T00:00:00",
      "last_revision_date": "2026-05-22T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0641",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-22T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-05-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7273152",
          "url": "https://www.ibm.com/support/pages/node/7273152"
        },
        {
          "published_at": "2026-05-18",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7273312",
          "url": "https://www.ibm.com/support/pages/node/7273312"
        },
        {
          "published_at": "2026-05-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7273153",
          "url": "https://www.ibm.com/support/pages/node/7273153"
        },
        {
          "published_at": "2026-05-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7273155",
          "url": "https://www.ibm.com/support/pages/node/7273155"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7271877",
          "url": "https://www.ibm.com/support/pages/node/7271877"
        },
        {
          "published_at": "2026-05-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7273156",
          "url": "https://www.ibm.com/support/pages/node/7273156"
        },
        {
          "published_at": "2026-05-17",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7273269",
          "url": "https://www.ibm.com/support/pages/node/7273269"
        },
        {
          "published_at": "2026-05-18",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7273281",
          "url": "https://www.ibm.com/support/pages/node/7273281"
        },
        {
          "published_at": "2026-05-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7273150",
          "url": "https://www.ibm.com/support/pages/node/7273150"
        },
        {
          "published_at": "2026-05-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7273151",
          "url": "https://www.ibm.com/support/pages/node/7273151"
        },
        {
          "published_at": "2026-05-21",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7273555",
          "url": "https://www.ibm.com/support/pages/node/7273555"
        }
      ]
    }

    CERTFR-2026-AVI-0606

    Vulnerability from certfr_avis - Published: 2026-05-15 - Updated: 2026-05-15

    De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    IBM Cognos Analytics Cognos Analytics versions 11.2.x sans le correctif de sécurité Fix Pack 7
    IBM N/A Robotic Process Automation for Cloud Pak versions 30.0.x antérieures à 30.0.2
    IBM Cognos Analytics Cognos Analytics versions 12.1.x antérieures à 12.1.2
    IBM N/A Robotic Process Automation for Cloud Pak versions 23.0.x antérieures à 23.0.20.6
    IBM AIX Open SDK for Rust on AIX versions 1.90.0.0 et 1.92.0.0 sans le correctif de sécurité Fix Pack 1
    IBM Cognos Analytics Cognos Analytics versions 12.0.x sans le correctif de sécurité Fix Pack 2
    References
    Bulletin de sécurité IBM 7272628 2026-05-12 vendor-advisory
    Bulletin de sécurité IBM 7272965 2026-05-14 vendor-advisory
    Bulletin de sécurité IBM 7272446 2026-05-08 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Cognos Analytics versions 11.2.x sans le correctif de s\u00e9curit\u00e9 Fix Pack 7",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Robotic Process Automation for Cloud Pak versions 30.0.x ant\u00e9rieures \u00e0 30.0.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 12.1.x ant\u00e9rieures \u00e0 12.1.2",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Robotic Process Automation for Cloud Pak versions 23.0.x  ant\u00e9rieures \u00e0 23.0.20.6",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Open SDK for Rust on AIX versions 1.90.0.0 et 1.92.0.0 sans le correctif de s\u00e9curit\u00e9 Fix Pack 1",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics versions 12.0.x  sans le correctif de s\u00e9curit\u00e9 Fix Pack 2",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-27516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
        },
        {
          "name": "CVE-2025-4447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
        },
        {
          "name": "CVE-2025-30167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30167"
        },
        {
          "name": "CVE-2025-56200",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
        },
        {
          "name": "CVE-2025-7207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7207"
        },
        {
          "name": "CVE-2024-6866",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6866"
        },
        {
          "name": "CVE-2025-7962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
        },
        {
          "name": "CVE-2025-54798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
        },
        {
          "name": "CVE-2024-12798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
        },
        {
          "name": "CVE-2025-50106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
        },
        {
          "name": "CVE-2025-30754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
        },
        {
          "name": "CVE-2025-50182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
        },
        {
          "name": "CVE-2025-50181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
        },
        {
          "name": "CVE-2025-3633",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-3633"
        },
        {
          "name": "CVE-2025-6020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
        },
        {
          "name": "CVE-2024-5535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
        },
        {
          "name": "CVE-2025-12875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12875"
        },
        {
          "name": "CVE-2024-6844",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6844"
        },
        {
          "name": "CVE-2024-12801",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
        },
        {
          "name": "CVE-2026-1188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
        },
        {
          "name": "CVE-2025-48976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
        },
        {
          "name": "CVE-2025-21587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
        },
        {
          "name": "CVE-2025-68146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
        },
        {
          "name": "CVE-2024-35195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
        },
        {
          "name": "CVE-2025-12635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12635"
        },
        {
          "name": "CVE-2025-50059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
        },
        {
          "name": "CVE-2025-30761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
        },
        {
          "name": "CVE-2025-30698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
        },
        {
          "name": "CVE-2024-29371",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
        },
        {
          "name": "CVE-2024-56339",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
        },
        {
          "name": "CVE-2025-5889",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
        },
        {
          "name": "CVE-2025-30749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
        },
        {
          "name": "CVE-2025-14914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14914"
        },
        {
          "name": "CVE-2025-2900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
        },
        {
          "name": "CVE-2024-6839",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6839"
        },
        {
          "name": "CVE-2025-53057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
        },
        {
          "name": "CVE-2025-53066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
        },
        {
          "name": "CVE-2025-36126",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36126"
        }
      ],
      "initial_release_date": "2026-05-15T00:00:00",
      "last_revision_date": "2026-05-15T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0606",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7272628",
          "url": "https://www.ibm.com/support/pages/node/7272628"
        },
        {
          "published_at": "2026-05-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7272965",
          "url": "https://www.ibm.com/support/pages/node/7272965"
        },
        {
          "published_at": "2026-05-08",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7272446",
          "url": "https://www.ibm.com/support/pages/node/7272446"
        }
      ]
    }

    CERTFR-2026-AVI-0550

    Vulnerability from certfr_avis - Published: 2026-05-07 - Updated: 2026-05-07

    De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    IBM AIX AIX 7.2 et 7.3 sans le correctif 301610mc.260424.epkg.Z
    IBM Sterling IBM Sterling Transformation Extender versions 11.0.0.0 sans le correctif PH71092
    IBM Sterling IBM Sterling Transformation Extender versions 10.1.0.3 sans le correctif PH71092
    IBM QRadar SOAR QRadar Plugin App versions antérieures à 5.6.4
    IBM QRadar QRadar AI Assistant versions antérieures à 1.5.0
    IBM Sterling IBM Sterling Transformation Extender versions 10.1.1.2 sans le correctif PH71092
    IBM Sterling IBM Sterling Transformation Extender versions 10.1.2.2 sans le correctif PH71092
    IBM VIOS VIOS 4.1 sans le correctif 301610mc.260424.epkg.Z
    References
    Bulletin de sécurité IBM 7271707 2026-05-05 vendor-advisory
    Bulletin de sécurité IBM 7271922 2026-05-06 vendor-advisory
    Bulletin de sécurité IBM 7271681 2026-05-04 vendor-advisory
    Bulletin de sécurité IBM 7271765 2026-05-05 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "AIX 7.2 et 7.3 sans le correctif 301610mc.260424.epkg.Z",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "IBM Sterling Transformation Extender versions 11.0.0.0 sans le correctif PH71092",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "IBM Sterling Transformation Extender versions 10.1.0.3 sans le correctif PH71092",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.4",
          "product": {
            "name": "QRadar",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar AI Assistant versions ant\u00e9rieures \u00e0 1.5.0",
          "product": {
            "name": "QRadar",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "IBM Sterling Transformation Extender versions 10.1.1.2 sans le correctif PH71092",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "IBM Sterling Transformation Extender versions 10.1.2.2 sans le correctif PH71092",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "VIOS 4.1 sans le correctif 301610mc.260424.epkg.Z",
          "product": {
            "name": "VIOS",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-40087",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40087"
        },
        {
          "name": "CVE-2026-39892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
        },
        {
          "name": "CVE-2026-33123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33123"
        },
        {
          "name": "CVE-2026-22013",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
        },
        {
          "name": "CVE-2026-22018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
        },
        {
          "name": "CVE-2026-34073",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
        },
        {
          "name": "CVE-2021-23337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
        },
        {
          "name": "CVE-2025-62718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
        },
        {
          "name": "CVE-2026-25645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25645"
        },
        {
          "name": "CVE-2026-4800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
        },
        {
          "name": "CVE-2026-0540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0540"
        },
        {
          "name": "CVE-2026-28389",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
        },
        {
          "name": "CVE-2026-33671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
        },
        {
          "name": "CVE-2026-34515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34515"
        },
        {
          "name": "CVE-2026-34519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34519"
        },
        {
          "name": "CVE-2026-40175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
        },
        {
          "name": "CVE-2026-34518",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34518"
        },
        {
          "name": "CVE-2026-34525",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34525"
        },
        {
          "name": "CVE-2026-28387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
        },
        {
          "name": "CVE-2026-28388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
        },
        {
          "name": "CVE-2026-4539",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4539"
        },
        {
          "name": "CVE-2026-2950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
        },
        {
          "name": "CVE-2026-22016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
        },
        {
          "name": "CVE-2026-22021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
        },
        {
          "name": "CVE-2026-22007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
        },
        {
          "name": "CVE-2026-27124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27124"
        },
        {
          "name": "CVE-2026-34268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
        },
        {
          "name": "CVE-2026-28390",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
        },
        {
          "name": "CVE-2026-33672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
        },
        {
          "name": "CVE-2026-27459",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
        },
        {
          "name": "CVE-2026-34516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34516"
        },
        {
          "name": "CVE-2026-27448",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27448"
        },
        {
          "name": "CVE-2026-31789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
        },
        {
          "name": "CVE-2026-34517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34517"
        },
        {
          "name": "CVE-2026-32871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32871"
        },
        {
          "name": "CVE-2026-34513",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34513"
        },
        {
          "name": "CVE-2026-34514",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34514"
        },
        {
          "name": "CVE-2026-34520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34520"
        },
        {
          "name": "CVE-2025-64340",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64340"
        },
        {
          "name": "CVE-2026-28804",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28804"
        },
        {
          "name": "CVE-2026-29063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
        },
        {
          "name": "CVE-2026-22815",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22815"
        },
        {
          "name": "CVE-2025-13465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
        },
        {
          "name": "CVE-2025-67221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67221"
        },
        {
          "name": "CVE-2026-25547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
        },
        {
          "name": "CVE-2026-31790",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
        },
        {
          "name": "CVE-2026-34070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34070"
        }
      ],
      "initial_release_date": "2026-05-07T00:00:00",
      "last_revision_date": "2026-05-07T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0550",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-07T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-05-05",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7271707",
          "url": "https://www.ibm.com/support/pages/node/7271707"
        },
        {
          "published_at": "2026-05-06",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7271922",
          "url": "https://www.ibm.com/support/pages/node/7271922"
        },
        {
          "published_at": "2026-05-04",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7271681",
          "url": "https://www.ibm.com/support/pages/node/7271681"
        },
        {
          "published_at": "2026-05-05",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7271765",
          "url": "https://www.ibm.com/support/pages/node/7271765"
        }
      ]
    }

    CERTFR-2026-AVI-0196

    Vulnerability from certfr_avis - Published: 2026-02-20 - Updated: 2026-02-20

    De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    IBM Sterling Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.4 GA
    IBM Sterling Sterling External Authentication Server versions 6.1.1.x antérieures à 6.1.1.2 GA
    IBM Sterling Sterling Transformation Extender versions 10.1.2.1 sans le correctif APAR PH69842
    IBM VIOS VIOS versions 4.1.2 sans le correctif de sécurité IJ57232
    IBM Sterling Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.3 GA
    IBM Sterling Sterling Transformation Extender versions 10.1.0.2 sans le correctif APAR PH69842
    IBM Sterling Sterling Secure Proxy versions 6.2.0.x antérieures à 6.2.0.3 GA
    IBM Sterling Sterling Transformation Extender versions 10.1.1.1 sans le correctif APAR PH69842
    IBM AIX AIX versions 7.3.3 sans le correctif de sécurité IJ57128
    IBM Sterling Sterling Transformation Extender versions 11.0.0.0 sans le correctif APAR PH69842
    IBM AIX AIX versions 7.3.2 sans le correctif de sécurité IJ57231
    IBM Sterling Sterling Secure Proxy versions 6.2.1.x antérieures à 6.2.1.1 GA
    IBM AIX AIX versions 7.2.5 sans le correctif de sécurité IJ57162
    IBM AIX AIX versions 7.3.4 sans le correctif de sécurité IJ57232
    IBM VIOS VIOS versions 4.1.1 sans le correctif de sécurité IJ57128
    IBM VIOS VIOS versions 4.1.0 sans le correctif de sécurité IJ57231
    References
    Bulletin de sécurité IBM 7261040 2026-02-17 vendor-advisory
    Bulletin de sécurité IBM 2026-02-19 vendor-advisory
    Bulletin de sécurité IBM 7261053 2026-02-17 vendor-advisory
    Bulletin de sécurité IBM 7261039 2026-02-17 vendor-advisory
    Bulletin de sécurité IBM 7261181 2026-02-18 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.4 GA",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling External Authentication Server versions 6.1.1.x ant\u00e9rieures \u00e0 6.1.1.2 GA",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 10.1.2.1 sans le correctif APAR PH69842",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "VIOS versions 4.1.2 sans le correctif de s\u00e9curit\u00e9 IJ57232",
          "product": {
            "name": "VIOS",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.3 GA",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 10.1.0.2 sans le correctif APAR PH69842",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Secure Proxy versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.3 GA",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 10.1.1.1 sans le correctif APAR PH69842",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "AIX versions 7.3.3 sans le correctif de s\u00e9curit\u00e9 IJ57128",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 11.0.0.0 sans le correctif APAR PH69842",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "AIX versions 7.3.2 sans le correctif de s\u00e9curit\u00e9 IJ57231",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Secure Proxy versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.1 GA",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "AIX versions 7.2.5 sans le correctif de s\u00e9curit\u00e9 IJ57162",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "AIX versions 7.3.4 sans le correctif de s\u00e9curit\u00e9 IJ57232",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "VIOS versions 4.1.1 sans le correctif de s\u00e9curit\u00e9 IJ57128",
          "product": {
            "name": "VIOS",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "VIOS versions 4.1.0 sans le correctif de s\u00e9curit\u00e9 IJ57231",
          "product": {
            "name": "VIOS",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-21933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
        },
        {
          "name": "CVE-2026-21932",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
        },
        {
          "name": "CVE-2025-12816",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
        },
        {
          "name": "CVE-2025-62230",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62230"
        },
        {
          "name": "CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "name": "CVE-2026-21925",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
        },
        {
          "name": "CVE-2025-66031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
        },
        {
          "name": "CVE-2025-66030",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
        },
        {
          "name": "CVE-2025-62231",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62231"
        },
        {
          "name": "CVE-2026-21945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
        },
        {
          "name": "CVE-2025-48924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
        },
        {
          "name": "CVE-2025-8916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
        },
        {
          "name": "CVE-2025-8885",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
        },
        {
          "name": "CVE-2025-64756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
        },
        {
          "name": "CVE-2025-58754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
        },
        {
          "name": "CVE-2025-53057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
        },
        {
          "name": "CVE-2025-53066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
        },
        {
          "name": "CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        }
      ],
      "initial_release_date": "2026-02-20T00:00:00",
      "last_revision_date": "2026-02-20T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0196",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-02-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-02-17",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7261040",
          "url": "https://www.ibm.com/support/pages/node/7261040"
        },
        {
          "published_at": "2026-02-19",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM",
          "url": "https://www.ibm.com/support/pages/node/7261396"
        },
        {
          "published_at": "2026-02-17",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7261053",
          "url": "https://www.ibm.com/support/pages/node/7261053"
        },
        {
          "published_at": "2026-02-17",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7261039",
          "url": "https://www.ibm.com/support/pages/node/7261039"
        },
        {
          "published_at": "2026-02-18",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7261181",
          "url": "https://www.ibm.com/support/pages/node/7261181"
        }
      ]
    }

    CERTFR-2025-AVI-1108

    Vulnerability from certfr_avis - Published: 2025-12-12 - Updated: 2025-12-12

    De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    IBM AIX AIX versions 7.3.x sans le correctif de sécurité 9086sa.251123.epkg.Z
    IBM QRadar SIEM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP14 IF02
    References
    Bulletin de sécurité IBM 7253912 2025-12-05 vendor-advisory
    Bulletin de sécurité IBM 7254360 2025-12-10 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "AIX versions 7.3.x sans le correctif de s\u00e9curit\u00e9 \t9086sa.251123.epkg.Z",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14 IF02",
          "product": {
            "name": "QRadar SIEM",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2022-50367",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-50367"
        },
        {
          "name": "CVE-2022-50386",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-50386"
        },
        {
          "name": "CVE-2024-13009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
        },
        {
          "name": "CVE-2023-0833",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0833"
        },
        {
          "name": "CVE-2025-39864",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39864"
        },
        {
          "name": "CVE-2025-39849",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39849"
        },
        {
          "name": "CVE-2023-48795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
        },
        {
          "name": "CVE-2023-53178",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53178"
        },
        {
          "name": "CVE-2023-53257",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53257"
        },
        {
          "name": "CVE-2025-40778",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
        },
        {
          "name": "CVE-2025-9086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
        },
        {
          "name": "CVE-2025-40300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40300"
        },
        {
          "name": "CVE-2023-53226",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53226"
        },
        {
          "name": "CVE-2025-39817",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39817"
        },
        {
          "name": "CVE-2023-53386",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53386"
        },
        {
          "name": "CVE-2023-53297",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53297"
        },
        {
          "name": "CVE-2025-53057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
        },
        {
          "name": "CVE-2025-53066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
        },
        {
          "name": "CVE-2025-39841",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39841"
        }
      ],
      "initial_release_date": "2025-12-12T00:00:00",
      "last_revision_date": "2025-12-12T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1108",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-12-12T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-12-05",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7253912",
          "url": "https://www.ibm.com/support/pages/node/7253912"
        },
        {
          "published_at": "2025-12-10",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7254360",
          "url": "https://www.ibm.com/support/pages/node/7254360"
        }
      ]
    }

    CERTFR-2025-AVI-1013

    Vulnerability from certfr_avis - Published: 2025-11-14 - Updated: 2025-11-14

    De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    IBM AIX AIX versions 7.2.5 sans le correctif de sécurité IJ55968 SP11
    IBM Sterling Sterling Transformation Extender versions 11.0.2.0 sans le correctif de sécurité PH68819
    IBM QRadar QRadar Network Packet Capture versions 7.5.x antérieures à QRadar Network Packet Capture 7.5.0 Update Package 14
    IBM AIX AIX versions 7.3.2 sans le correctif de sécurité IJ56113
    IBM Sterling Sterling Transformation Extender versions 11.0.1.1 sans le correctif de sécurité PH68819
    IBM Sterling Sterling Transformation Extender versions 11.0.0.0 sans le correctif de sécurité PH68266
    IBM WebSphere WebSphere Application Server versions 9.0.x sans le correctif de sécurité 9.0.5.27
    IBM Sterling Sterling Transformation Extender versions 10.1.1.1 sans le correctif de sécurité PH68266
    IBM Db2 Db2 versions 11.5.x sans le dernier correctif de sécurité
    IBM Tivoli Tivoli Application Dependency Discovery Manager versions 7.3.x à 7.3.0.12 sans le correctif de sécurité efix_CVE-2025-48976_FP12250331.zip
    IBM N/A QRadar DNS Analyzer App versions antérieures à 2.0.4
    IBM Db2 Db2 versions 12.1.x antérieures à 12.1.3 sans le dernier correctif de sécurité
    IBM WebSphere WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.11 sans le correctif de sécurité 25.0.0.12
    IBM WebSphere WebSphere Application Server versions 8.5.x sans le correctif de sécurité 8.5.5.29
    IBM AIX AIX versions 7.3.1 sans le correctif de sécurité IJ56230
    IBM Cognos Analytics Cognos Analytics Certified Containers versions 1.2.1.x antérieures à 12.1.1
    IBM Sterling Sterling Transformation Extender versions 10.1.2.1 sans le correctif de sécurité PH68266
    IBM Db2 Db2 versions 11.1.x sans le dernier correctif de sécurité
    IBM Sterling Sterling Transformation Extender versions 10.1.0.2 sans le correctif de sécurité PH68266
    IBM AIX AIX versions 7.3.3 sans le correctif de sécurité IJ55897 SP2
    IBM Storage Protect Storage Protect Operations Center versions 8.1.x antérieures à 8.1.27.100
    IBM QRadar SIEM QRadar SIEM versions 7.5 à 7.5.0 IP14 sans les correctif de sécurité QRadar 7.5.0 UP14 IF01 et 7.5.0 QRadar Protocol MicrosoftAzureEventHubs
    References
    Bulletin de sécurité IBM 7250959 2025-11-12 vendor-advisory
    Bulletin de sécurité IBM 7249983 2025-11-12 vendor-advisory
    Bulletin de sécurité IBM 7250785 2025-11-11 vendor-advisory
    Bulletin de sécurité IBM 7249992 2025-11-12 vendor-advisory
    Bulletin de sécurité IBM 7249994 2025-11-12 vendor-advisory
    Bulletin de sécurité IBM 7250921 2025-11-12 vendor-advisory
    Bulletin de sécurité IBM 7250486 2025-11-07 vendor-advisory
    Bulletin de sécurité IBM 7250907 2025-11-12 vendor-advisory
    Bulletin de sécurité IBM 7250395 2025-11-07 vendor-advisory
    Bulletin de sécurité IBM 7250956 2025-11-12 vendor-advisory
    Bulletin de sécurité IBM 7250763 2025-11-10 vendor-advisory
    Bulletin de sécurité IBM 7250474 2025-11-07 vendor-advisory
    Bulletin de sécurité IBM 7250971 2025-11-12 vendor-advisory
    Bulletin de sécurité IBM 7250926 2025-11-12 vendor-advisory
    Bulletin de sécurité IBM 7251173 2025-11-13 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "AIX versions 7.2.5 sans le correctif de s\u00e9curit\u00e9 IJ55968 SP11",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 11.0.2.0 sans le correctif de s\u00e9curit\u00e9 PH68819",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 QRadar Network Packet Capture 7.5.0 Update Package 14",
          "product": {
            "name": "QRadar",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "AIX versions 7.3.2 sans le correctif de s\u00e9curit\u00e9 IJ56113",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 11.0.1.1 sans le correctif de s\u00e9curit\u00e9 PH68819",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 11.0.0.0 sans le correctif de s\u00e9curit\u00e9 PH68266",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server versions 9.0.x sans le correctif de s\u00e9curit\u00e9  9.0.5.27",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 10.1.1.1 sans le correctif de s\u00e9curit\u00e9 PH68266",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 11.5.x sans le dernier correctif de s\u00e9curit\u00e9 ",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Tivoli Application Dependency Discovery Manager versions 7.3.x \u00e0 7.3.0.12 sans le correctif de s\u00e9curit\u00e9 efix_CVE-2025-48976_FP12250331.zip",
          "product": {
            "name": "Tivoli",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar DNS Analyzer App versions ant\u00e9rieures \u00e0 2.0.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.3 sans le dernier correctif de s\u00e9curit\u00e9 ",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.11 sans le correctif de s\u00e9curit\u00e9 25.0.0.12",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server versions 8.5.x sans le correctif de s\u00e9curit\u00e9  8.5.5.29",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "AIX versions 7.3.1 sans le correctif de s\u00e9curit\u00e9 IJ56230",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Analytics Certified Containers versions 1.2.1.x ant\u00e9rieures \u00e0 12.1.1",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 10.1.2.1 sans le correctif de s\u00e9curit\u00e9 PH68266",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 11.1.x sans le dernier correctif de s\u00e9curit\u00e9 ",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Transformation Extender versions 10.1.0.2 sans le correctif de s\u00e9curit\u00e9 PH68266",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "AIX versions 7.3.3 sans le correctif de s\u00e9curit\u00e9 IJ55897 SP2",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Storage Protect Operations Center versions 8.1.x ant\u00e9rieures \u00e0 8.1.27.100",
          "product": {
            "name": "Storage Protect",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar SIEM versions 7.5 \u00e0 7.5.0 IP14 sans les correctif de s\u00e9curit\u00e9 QRadar 7.5.0 UP14 IF01 et 7.5.0 QRadar Protocol MicrosoftAzureEventHubs ",
          "product": {
            "name": "QRadar SIEM",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-6395",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
        },
        {
          "name": "CVE-2025-22026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22026"
        },
        {
          "name": "CVE-2024-1597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
        },
        {
          "name": "CVE-2023-1370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
        },
        {
          "name": "CVE-2025-36236",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36236"
        },
        {
          "name": "CVE-2025-49812",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
        },
        {
          "name": "CVE-2025-39757",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39757"
        },
        {
          "name": "CVE-2023-46308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46308"
        },
        {
          "name": "CVE-2024-49350",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49350"
        },
        {
          "name": "CVE-2025-36251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36251"
        },
        {
          "name": "CVE-2025-49146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
        },
        {
          "name": "CVE-2025-55752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
        },
        {
          "name": "CVE-2025-38461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
        },
        {
          "name": "CVE-2025-7962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
        },
        {
          "name": "CVE-2025-36250",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36250"
        },
        {
          "name": "CVE-2024-35255",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
        },
        {
          "name": "CVE-2025-50106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
        },
        {
          "name": "CVE-2025-38527",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38527"
        },
        {
          "name": "CVE-2025-38449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38449"
        },
        {
          "name": "CVE-2022-41946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41946"
        },
        {
          "name": "CVE-2025-39730",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39730"
        },
        {
          "name": "CVE-2025-1992",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1992"
        },
        {
          "name": "CVE-2025-30754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
        },
        {
          "name": "CVE-2025-36097",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
        },
        {
          "name": "CVE-2020-16971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-16971"
        },
        {
          "name": "CVE-2022-3510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
        },
        {
          "name": "CVE-2022-3509",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
        },
        {
          "name": "CVE-2025-4565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
        },
        {
          "name": "CVE-2025-5318",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
        },
        {
          "name": "CVE-2025-36186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
        },
        {
          "name": "CVE-2024-56347",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56347"
        },
        {
          "name": "CVE-2025-37797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
        },
        {
          "name": "CVE-2025-61795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
        },
        {
          "name": "CVE-2024-7254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
        },
        {
          "name": "CVE-2024-52533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
        },
        {
          "name": "CVE-2023-53125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53125"
        },
        {
          "name": "CVE-2025-32990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
        },
        {
          "name": "CVE-2025-2518",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2518"
        },
        {
          "name": "CVE-2025-41244",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
        },
        {
          "name": "CVE-2022-49985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-49985"
        },
        {
          "name": "CVE-2025-50059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
        },
        {
          "name": "CVE-2025-1493",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1493"
        },
        {
          "name": "CVE-2025-38556",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38556"
        },
        {
          "name": "CVE-2023-26133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
        },
        {
          "name": "CVE-2024-47252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
        },
        {
          "name": "CVE-2025-30761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
        },
        {
          "name": "CVE-2025-36096",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36096"
        },
        {
          "name": "CVE-2025-3050",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-3050"
        },
        {
          "name": "CVE-2025-38718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38718"
        },
        {
          "name": "CVE-2025-38392",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38392"
        },
        {
          "name": "CVE-2023-53373",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53373"
        },
        {
          "name": "CVE-2025-32988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
        },
        {
          "name": "CVE-2025-0915",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-0915"
        },
        {
          "name": "CVE-2024-52903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52903"
        },
        {
          "name": "CVE-2025-38352",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
        },
        {
          "name": "CVE-2025-30749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
        },
        {
          "name": "CVE-2023-45287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
        },
        {
          "name": "CVE-2024-56346",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56346"
        },
        {
          "name": "CVE-2025-38350",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
        },
        {
          "name": "CVE-2025-1000",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1000"
        },
        {
          "name": "CVE-2022-31197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31197"
        },
        {
          "name": "CVE-2025-40928",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40928"
        },
        {
          "name": "CVE-2022-50087",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-50087"
        },
        {
          "name": "CVE-2025-38498",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
        },
        {
          "name": "CVE-2025-53057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
        },
        {
          "name": "CVE-2022-3171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
        },
        {
          "name": "CVE-2025-49630",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
        },
        {
          "name": "CVE-2025-53066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
        },
        {
          "name": "CVE-2025-33150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33150"
        },
        {
          "name": "CVE-2025-47273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
        },
        {
          "name": "CVE-2024-6345",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
        },
        {
          "name": "CVE-2024-57699",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
        },
        {
          "name": "CVE-2024-47619",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47619"
        }
      ],
      "initial_release_date": "2025-11-14T00:00:00",
      "last_revision_date": "2025-11-14T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1013",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-11-14T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250959",
          "url": "https://www.ibm.com/support/pages/node/7250959"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249983",
          "url": "https://www.ibm.com/support/pages/node/7249983"
        },
        {
          "published_at": "2025-11-11",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250785",
          "url": "https://www.ibm.com/support/pages/node/7250785"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249992",
          "url": "https://www.ibm.com/support/pages/node/7249992"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249994",
          "url": "https://www.ibm.com/support/pages/node/7249994"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250921",
          "url": "https://www.ibm.com/support/pages/node/7250921"
        },
        {
          "published_at": "2025-11-07",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250486",
          "url": "https://www.ibm.com/support/pages/node/7250486"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250907",
          "url": "https://www.ibm.com/support/pages/node/7250907"
        },
        {
          "published_at": "2025-11-07",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250395",
          "url": "https://www.ibm.com/support/pages/node/7250395"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250956",
          "url": "https://www.ibm.com/support/pages/node/7250956"
        },
        {
          "published_at": "2025-11-10",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250763",
          "url": "https://www.ibm.com/support/pages/node/7250763"
        },
        {
          "published_at": "2025-11-07",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250474",
          "url": "https://www.ibm.com/support/pages/node/7250474"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250971",
          "url": "https://www.ibm.com/support/pages/node/7250971"
        },
        {
          "published_at": "2025-11-12",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250926",
          "url": "https://www.ibm.com/support/pages/node/7250926"
        },
        {
          "published_at": "2025-11-13",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7251173",
          "url": "https://www.ibm.com/support/pages/node/7251173"
        }
      ]
    }

    CERTFR-2025-AVI-0546

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    IBM WebSphere WebSphere Application Server versions 8.5.x sans les derniers correctifs de sécurité
    IBM WebSphere Service Registry and Repository WebSphere Service Registry and Repository sans les derniers correctifs de sécurité
    IBM Sterling Connect:Direct Sterling Connect:Direct Web services versions 6.4.x antérieures à 6.4.0.3
    IBM WebSphere WebSphere Application Server versions 9.0.x sans les derniers correctifs de sécurité
    IBM Sterling Connect:Direct Sterling Connect:Direct Web services versions 6.3.x antérieures à 6.3.0.14
    IBM Spectrum Spectrum Protect Plus versions 10.1.x antérieures à 10.1.17.1
    IBM QRadar QRadar Hub versions antérieures à 3.8.3
    IBM AIX AIX versions 7.3.x sans les derniers correctif de sécurité
    IBM Db2 DB2 Data Management Console pour CPD versions antérieures à 4.8.7
    IBM QRadar Deployment Intelligence App QRadar Deployment Intelligence App versions antérieures à 3.0.17
    References
    Bulletin de sécurité IBM 7238297 2025-06-27 vendor-advisory
    Bulletin de sécurité IBM 7237702 2025-06-23 vendor-advisory
    Bulletin de sécurité IBM 7237967 2025-06-25 vendor-advisory
    Bulletin de sécurité IBM 7238168 2025-06-26 vendor-advisory
    Bulletin de sécurité IBM 7238156 2025-06-26 vendor-advisory
    Bulletin de sécurité IBM 7238155 2025-06-26 vendor-advisory
    Bulletin de sécurité IBM 7238295 2025-06-27 vendor-advisory
    Bulletin de sécurité IBM 7238159 2025-06-26 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "WebSphere Application Server versions 8.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Service Registry and Repository sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "WebSphere Service Registry and Repository",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct Web services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.3",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server versions 9.0.x sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct Web services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.14",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.17.1",
          "product": {
            "name": "Spectrum",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar Hub versions ant\u00e9rieures \u00e0 3.8.3",
          "product": {
            "name": "QRadar",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "AIX versions 7.3.x sans les derniers correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "AIX",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "DB2 Data Management Console pour CPD versions ant\u00e9rieures \u00e0 4.8.7",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.17",
          "product": {
            "name": "QRadar Deployment Intelligence App",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2023-25577",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
        },
        {
          "name": "CVE-2024-37891",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
        },
        {
          "name": "CVE-2025-27516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
        },
        {
          "name": "CVE-2024-49766",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
        },
        {
          "name": "CVE-2023-23934",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
        },
        {
          "name": "CVE-2024-34069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
        },
        {
          "name": "CVE-2024-8176",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
        },
        {
          "name": "CVE-2020-29651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-29651"
        },
        {
          "name": "CVE-2024-45590",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
        },
        {
          "name": "CVE-2024-8305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-8305"
        },
        {
          "name": "CVE-2023-1409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1409"
        },
        {
          "name": "CVE-2024-45338",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
        },
        {
          "name": "CVE-2024-7553",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7553"
        },
        {
          "name": "CVE-2024-36124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-36124"
        },
        {
          "name": "CVE-2024-56406",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
        },
        {
          "name": "CVE-2025-27152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
        },
        {
          "name": "CVE-2024-22195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
        },
        {
          "name": "CVE-2024-8207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-8207"
        },
        {
          "name": "CVE-2024-3372",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-3372"
        },
        {
          "name": "CVE-2025-33214",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33214"
        },
        {
          "name": "CVE-2024-45296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
        },
        {
          "name": "CVE-2023-46136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
        },
        {
          "name": "CVE-2024-35195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
        },
        {
          "name": "CVE-2019-20916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
        },
        {
          "name": "CVE-2020-7789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-7789"
        },
        {
          "name": "CVE-2024-52798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
        },
        {
          "name": "CVE-2024-49767",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
        },
        {
          "name": "CVE-2025-41232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
        },
        {
          "name": "CVE-2025-22870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
        },
        {
          "name": "CVE-2023-1077",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
        },
        {
          "name": "CVE-2025-27789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
        },
        {
          "name": "CVE-2022-42969",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
        },
        {
          "name": "CVE-2023-30861",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
        },
        {
          "name": "CVE-2024-34064",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
        },
        {
          "name": "CVE-2023-32681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
        },
        {
          "name": "CVE-2024-56334",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56334"
        },
        {
          "name": "CVE-2020-28493",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
        },
        {
          "name": "CVE-2024-6375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6375"
        },
        {
          "name": "CVE-2025-36038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36038"
        },
        {
          "name": "CVE-2024-6345",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0546",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-06-27T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-06-27",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238297",
          "url": "https://www.ibm.com/support/pages/node/7238297"
        },
        {
          "published_at": "2025-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7237702",
          "url": "https://www.ibm.com/support/pages/node/7237702"
        },
        {
          "published_at": "2025-06-25",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7237967",
          "url": "https://www.ibm.com/support/pages/node/7237967"
        },
        {
          "published_at": "2025-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238168",
          "url": "https://www.ibm.com/support/pages/node/7238168"
        },
        {
          "published_at": "2025-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238156",
          "url": "https://www.ibm.com/support/pages/node/7238156"
        },
        {
          "published_at": "2025-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238155",
          "url": "https://www.ibm.com/support/pages/node/7238155"
        },
        {
          "published_at": "2025-06-27",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238295",
          "url": "https://www.ibm.com/support/pages/node/7238295"
        },
        {
          "published_at": "2025-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238159",
          "url": "https://www.ibm.com/support/pages/node/7238159"
        }
      ]
    }

    CVE-2026-6732 (GCVE-0-2026-6732)

    Vulnerability from nvd – Published: 2026-04-23 22:19 – Updated: 2026-04-30 17:11
    VLAI
    Title
    Libxml2: libxml2: denial of service via crafted xsd-validated document
    Summary
    A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    Impacted products
    Date Public
    2026-04-16 00:00
    Credits
    Red Hat would like to thank Ariel Schon for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6732",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-24T10:53:00.163293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-24T10:54:21.129Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.3-0.1.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat JBoss Core Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Ariel Schon for reporting this issue."
            }
          ],
          "datePublic": "2026-04-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T17:11:03.871Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:11503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:11503"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-6732"
            },
            {
              "name": "RHBZ#2461300",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461300"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-23T22:04:33.973Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-16T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxml2: libxml2: denial of service via crafted xsd-validated document",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-6732",
        "datePublished": "2026-04-23T22:19:34.322Z",
        "dateReserved": "2026-04-20T22:34:45.863Z",
        "dateUpdated": "2026-04-30T17:11:03.871Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0992 (GCVE-0-2026-0992)

    Vulnerability from nvd – Published: 2026-01-15 14:20 – Updated: 2026-04-22 09:31
    VLAI
    Title
    Libxml2: libxml2: denial of service via crafted xml catalogs
    Summary
    A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Date Public
    2026-01-15 00:00
    Credits
    Red Hat would like to thank Nick Wellnhofer for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0992",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-15T16:31:06.823175Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-15T16:39:47.982Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.2-0.3.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat JBoss Core Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Nick Wellnhofer for reporting this issue."
            }
          ],
          "datePublic": "2026-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T09:31:04.354Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:7519",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7519"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-0992"
            },
            {
              "name": "RHBZ#2429975",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429975"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-15T13:29:32.742Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-01-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxml2: libxml2: denial of service via crafted xml catalogs",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-0992",
        "datePublished": "2026-01-15T14:20:24.934Z",
        "dateReserved": "2026-01-15T13:34:08.872Z",
        "dateUpdated": "2026-04-22T09:31:04.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0990 (GCVE-0-2026-0990)

    Vulnerability from nvd – Published: 2026-01-15 14:20 – Updated: 2026-04-22 09:30
    VLAI
    Title
    Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing
    Summary
    A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-01-15 00:00
    Credits
    Red Hat would like to thank Nick Wellnhofer for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0990",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-15T16:31:20.247968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-15T16:39:20.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.2-0.3.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat JBoss Core Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Nick Wellnhofer for reporting this issue."
            }
          ],
          "datePublic": "2026-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T09:30:55.859Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:7519",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7519"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-0990"
            },
            {
              "name": "RHBZ#2429959",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429959"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-15T13:15:23.187Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-01-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-674: Uncontrolled Recursion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-0990",
        "datePublished": "2026-01-15T14:20:06.515Z",
        "dateReserved": "2026-01-15T13:15:10.756Z",
        "dateUpdated": "2026-04-22T09:30:55.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0989 (GCVE-0-2026-0989)

    Vulnerability from nvd – Published: 2026-01-15 14:20 – Updated: 2026-04-22 09:31
    VLAI
    Title
    Libxml2: unbounded relaxng include recursion leading to stack overflow
    Summary
    A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-01-15 00:00
    Credits
    Red Hat would like to thank lanbigking for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0989",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-15T16:31:12.583434Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-15T16:39:34.311Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.2-0.3.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat JBoss Core Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank lanbigking for reporting this issue."
            }
          ],
          "datePublic": "2026-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T09:31:01.948Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:7519",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7519"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-0989"
            },
            {
              "name": "RHBZ#2429933",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429933"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/998"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-15T12:36:12.129Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-01-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxml2: unbounded relaxng include recursion leading to stack overflow",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, restrict applications using libxml2 from processing untrusted RelaxNG schema files. Implement strict input validation and sanitization for all RelaxNG schema inputs to prevent the parsing of maliciously crafted, deeply nested include directives."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-674: Uncontrolled Recursion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-0989",
        "datePublished": "2026-01-15T14:20:23.274Z",
        "dateReserved": "2026-01-15T12:38:51.419Z",
        "dateUpdated": "2026-04-22T09:31:01.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36251 (GCVE-0-2025-36251)

    Vulnerability from nvd – Published: 2025-11-13 22:01 – Updated: 2026-02-26 16:56
    VLAI
    Title
    AIX Command Execution
    Summary
    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7251173 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM AIX Affected: 7.2
    Affected: 7.3
        cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*
        cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM VIOS Affected: 3.1
    Affected: 4.1
        cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-15T04:56:15.618808Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:59.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*"
              ],
              "product": "AIX",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2"
                },
                {
                  "status": "affected",
                  "version": "7.3"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*"
              ],
              "product": "VIOS",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "4.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.\u003c/p\u003e"
                }
              ],
              "value": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-114",
                  "description": "CWE-114 Process Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T22:01:13.345Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7251173\"\u003ehttps://www.ibm.com/support/pages/node/7251173\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin:\u00a0 https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "title": "AIX Command Execution",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36251",
        "datePublished": "2025-11-13T22:01:13.345Z",
        "dateReserved": "2025-04-15T21:16:44.886Z",
        "dateUpdated": "2026-02-26T16:56:59.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36250 (GCVE-0-2025-36250)

    Vulnerability from nvd – Published: 2025-11-13 22:01 – Updated: 2026-02-26 16:56
    VLAI
    Title
    AIX Code Execution
    Summary
    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls.  This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7251173 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM AIX Affected: 7.2
    Affected: 7.3
        cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*
        cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM VIOS Affected: 3.1
    Affected: 4.1
        cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36250",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-15T04:56:16.988613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:58.500Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*"
              ],
              "product": "AIX",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2"
                },
                {
                  "status": "affected",
                  "version": "7.3"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*"
              ],
              "product": "VIOS",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "4.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. \u0026nbsp;This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.\u003c/p\u003e"
                }
              ],
              "value": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. \u00a0This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-114",
                  "description": "CWE-114 Process Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T22:01:27.447Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7251173\"\u003ehttps://www.ibm.com/support/pages/node/7251173\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin:  https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "title": "AIX Code Execution",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36250",
        "datePublished": "2025-11-13T22:01:27.447Z",
        "dateReserved": "2025-04-15T21:16:44.886Z",
        "dateUpdated": "2026-02-26T16:56:58.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36236 (GCVE-0-2025-36236)

    Vulnerability from nvd – Published: 2025-11-13 22:01 – Updated: 2025-11-14 15:25
    VLAI
    Title
    AIX Path Traversal
    Summary
    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7251173 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM AIX Affected: 7.2
    Affected: 7.3
        cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*
        cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM VIOS Affected: 3.1
    Affected: 4.1
        cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36236",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T15:24:50.328671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-14T15:25:04.199Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*"
              ],
              "product": "AIX",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2"
                },
                {
                  "status": "affected",
                  "version": "7.3"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*"
              ],
              "product": "VIOS",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "4.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system.\u003c/p\u003e"
                }
              ],
              "value": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T22:01:31.264Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7251173\"\u003ehttps://www.ibm.com/support/pages/node/7251173\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin:  https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "title": "AIX Path Traversal",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36236",
        "datePublished": "2025-11-13T22:01:31.264Z",
        "dateReserved": "2025-04-15T21:16:42.824Z",
        "dateUpdated": "2025-11-14T15:25:04.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36096 (GCVE-0-2025-36096)

    Vulnerability from nvd – Published: 2025-11-13 22:01 – Updated: 2026-02-26 16:56
    VLAI
    Title
    AIX Insufficiently Protected Credentials
    Summary
    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7251173 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM AIX Affected: 7.2
    Affected: 7.3
        cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*
        cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM VIOS Affected: 3.1
    Affected: 4.1
        cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36096",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-15T04:56:16.309377Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:58.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*"
              ],
              "product": "AIX",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2"
                },
                {
                  "status": "affected",
                  "version": "7.3"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*"
              ],
              "product": "VIOS",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "4.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.\u003c/p\u003e"
                }
              ],
              "value": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T22:01:22.072Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7251173\"\u003ehttps://www.ibm.com/support/pages/node/7251173\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin:  https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "title": "AIX Insufficiently Protected Credentials",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36096",
        "datePublished": "2025-11-13T22:01:22.072Z",
        "dateReserved": "2025-04-15T21:16:14.711Z",
        "dateUpdated": "2026-02-26T16:56:58.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62230 (GCVE-0-2025-62230)

    Vulnerability from nvd – Published: 2025-10-30 05:19 – Updated: 2026-04-20 13:50
    VLAI
    Title
    Xorg: xwayland: use-after-free in xkb client resource removal
    Summary
    A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:19432 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19433 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19434 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19435 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19489 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19623 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19909 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20958 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20960 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20961 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22040 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22041 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22051 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22055 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22056 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22077 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22164 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22167 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22364 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22426 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22427 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22667 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22742 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22753 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0031 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0033 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0034 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0036 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-62230 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2402653 issue-trackingx_refsource_REDHAT
    https://lists.x.org/archives/xorg-announce/2025-O…
    https://lists.debian.org/debian-lts-announce/2025…
    http://www.openwall.com/lists/oss-security/2025/10/28/7
    Impacted products
    Vendor Product Version
    X.Org Xwayland Affected: 0 , < 24.1.9 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:24.1.5-5.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:24.1.5-5.el10_1 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION Unaffected: 0:1.1.0-25.el6_10.15 , < * (rpm)
        cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.20.4-33.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.8.0-36.el7_9.3 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:21.1.3-19.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.20.11-27.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.15.0-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.9.0-15.el8_2.15 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.20.6-5.el8_2 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.11.0-8.el8_4.14 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.20.10-3.el8_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:1.11.0-8.el8_4.14 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:1.20.10-3.el8_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.12.0-6.el8_6.15 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.20.11-6.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:21.1.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.12.0-6.el8_6.15 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.20.11-6.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:21.1.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.12.0-6.el8_6.15 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.20.11-6.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:21.1.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.12.0-15.el8_8.16 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.20.11-17.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:21.1.3-12.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.12.0-15.el8_8.16 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.20.11-17.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:21.1.3-12.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.20.11-32.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.14.1-9.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:23.2.7-5.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.15.0-6.el9_7 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:23.2.7-5.el9_7 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.20.11-32.el9_7 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.11.0-22.el9_0.16 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.20.11-12.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:21.1.3-4.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.12.0-14.el9_2.13 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.20.11-19.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:21.1.3-9.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.13.1-8.el9_4.8 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.20.11-27.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:22.1.9-7.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-10-29 00:00
    Credits
    Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62230",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T03:55:34.138515Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:53.990Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:14:18.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/10/28/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
              "defaultStatus": "unaffected",
              "packageName": "xwayland",
              "product": "Xwayland",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "24.1.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:24.1.5-5.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.1"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:24.1.5-5.el10_1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:6"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.0-25.el6_10.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.4-33.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.8.0-36.el7_9.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-19.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-27.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.15.0-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.0-15.el8_2.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.6-5.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.10-3.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.10-3.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-15.el8_8.16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-17.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-12.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-15.el8_8.16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-17.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-12.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-32.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.14.1-9.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.2.7-5.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.15.0-6.el9_7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.2.7-5.el9_7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-32.el9_7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-22.el9_0.16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-12.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-4.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-14.el9_2.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-19.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-9.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.13.1-8.el9_4.8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/a:redhat:rhel_eus:9.4::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-27.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:22.1.9-7.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue."
            }
          ],
          "datePublic": "2025-10-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was discovered in the X.Org X server\u2019s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-20T13:50:16.428Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:19432",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19432"
            },
            {
              "name": "RHSA-2025:19433",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19433"
            },
            {
              "name": "RHSA-2025:19434",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19434"
            },
            {
              "name": "RHSA-2025:19435",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19435"
            },
            {
              "name": "RHSA-2025:19489",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19489"
            },
            {
              "name": "RHSA-2025:19623",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19623"
            },
            {
              "name": "RHSA-2025:19909",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19909"
            },
            {
              "name": "RHSA-2025:20958",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20958"
            },
            {
              "name": "RHSA-2025:20960",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20960"
            },
            {
              "name": "RHSA-2025:20961",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20961"
            },
            {
              "name": "RHSA-2025:21035",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21035"
            },
            {
              "name": "RHSA-2025:22040",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22040"
            },
            {
              "name": "RHSA-2025:22041",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22041"
            },
            {
              "name": "RHSA-2025:22051",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22051"
            },
            {
              "name": "RHSA-2025:22055",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22055"
            },
            {
              "name": "RHSA-2025:22056",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22056"
            },
            {
              "name": "RHSA-2025:22077",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22077"
            },
            {
              "name": "RHSA-2025:22096",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22096"
            },
            {
              "name": "RHSA-2025:22164",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22164"
            },
            {
              "name": "RHSA-2025:22167",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22167"
            },
            {
              "name": "RHSA-2025:22364",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22364"
            },
            {
              "name": "RHSA-2025:22365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22365"
            },
            {
              "name": "RHSA-2025:22426",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22426"
            },
            {
              "name": "RHSA-2025:22427",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22427"
            },
            {
              "name": "RHSA-2025:22667",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22667"
            },
            {
              "name": "RHSA-2025:22729",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22729"
            },
            {
              "name": "RHSA-2025:22742",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22742"
            },
            {
              "name": "RHSA-2025:22753",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22753"
            },
            {
              "name": "RHSA-2026:0031",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0031"
            },
            {
              "name": "RHSA-2026:0033",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0033"
            },
            {
              "name": "RHSA-2026:0034",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0034"
            },
            {
              "name": "RHSA-2026:0035",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0035"
            },
            {
              "name": "RHSA-2026:0036",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0036"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-62230"
            },
            {
              "name": "RHBZ#2402653",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402653"
            },
            {
              "url": "https://lists.x.org/archives/xorg-announce/2025-October/003635.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-09T06:00:07.571Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-10-29T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Xorg: xwayland: use-after-free in xkb client resource removal",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-416: Use After Free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-62230",
        "datePublished": "2025-10-30T05:19:40.445Z",
        "dateReserved": "2025-10-09T04:46:44.074Z",
        "dateUpdated": "2026-04-20T13:50:16.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62231 (GCVE-0-2025-62231)

    Vulnerability from nvd – Published: 2025-10-30 05:08 – Updated: 2026-04-20 13:50
    VLAI
    Title
    Xorg: xmayland: value overflow in xkbsetcompatmap()
    Summary
    A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:19432 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19433 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19434 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19435 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19489 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19623 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19909 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20958 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20960 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20961 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22040 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22041 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22051 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22055 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22056 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22077 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22164 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22167 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22364 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22426 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22427 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22667 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22742 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22753 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0031 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0033 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0034 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0036 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-62231 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2402660 issue-trackingx_refsource_REDHAT
    https://lists.x.org/archives/xorg-announce/2025-O…
    https://lists.debian.org/debian-lts-announce/2025…
    http://www.openwall.com/lists/oss-security/2025/10/28/7
    Impacted products
    Vendor Product Version
    X.Org Xwayland Affected: 0 , < 24.1.9 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:24.1.5-5.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:24.1.5-5.el10_1 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION Unaffected: 0:1.1.0-25.el6_10.15 , < * (rpm)
        cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.20.4-33.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.8.0-36.el7_9.3 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:21.1.3-19.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.20.11-27.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.15.0-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.9.0-15.el8_2.15 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.20.6-5.el8_2 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.11.0-8.el8_4.14 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.20.10-3.el8_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:1.11.0-8.el8_4.14 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:1.20.10-3.el8_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.12.0-6.el8_6.15 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.20.11-6.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:21.1.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.12.0-6.el8_6.15 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.20.11-6.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:21.1.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.12.0-6.el8_6.15 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.20.11-6.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:21.1.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.12.0-15.el8_8.16 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.20.11-17.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:21.1.3-12.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.12.0-15.el8_8.16 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.20.11-17.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:21.1.3-12.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.20.11-32.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.14.1-9.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:23.2.7-5.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.15.0-6.el9_7 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:23.2.7-5.el9_7 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.20.11-32.el9_7 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.11.0-22.el9_0.16 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.20.11-12.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:21.1.3-4.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.12.0-14.el9_2.13 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.20.11-19.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:21.1.3-9.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.13.1-8.el9_4.8 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.20.11-27.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:22.1.9-7.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-10-29 00:00
    Credits
    Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62231",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T03:55:34.992282Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:54.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:14:19.743Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/10/28/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
              "defaultStatus": "unaffected",
              "packageName": "xwayland",
              "product": "Xwayland",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "24.1.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:24.1.5-5.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.1"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:24.1.5-5.el10_1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:6"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.0-25.el6_10.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.4-33.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.8.0-36.el7_9.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-19.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-27.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.15.0-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.0-15.el8_2.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.6-5.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.10-3.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.10-3.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-15.el8_8.16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-17.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-12.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-15.el8_8.16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-17.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-12.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-32.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.14.1-9.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.2.7-5.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.15.0-6.el9_7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.2.7-5.el9_7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-32.el9_7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-22.el9_0.16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-12.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-4.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-14.el9_2.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-19.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-9.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.13.1-8.el9_4.8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/a:redhat:rhel_eus:9.4::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-27.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:22.1.9-7.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue."
            }
          ],
          "datePublic": "2025-10-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was identified in the X.Org X server\u2019s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-20T13:50:20.474Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:19432",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19432"
            },
            {
              "name": "RHSA-2025:19433",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19433"
            },
            {
              "name": "RHSA-2025:19434",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19434"
            },
            {
              "name": "RHSA-2025:19435",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19435"
            },
            {
              "name": "RHSA-2025:19489",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19489"
            },
            {
              "name": "RHSA-2025:19623",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19623"
            },
            {
              "name": "RHSA-2025:19909",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19909"
            },
            {
              "name": "RHSA-2025:20958",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20958"
            },
            {
              "name": "RHSA-2025:20960",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20960"
            },
            {
              "name": "RHSA-2025:20961",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20961"
            },
            {
              "name": "RHSA-2025:21035",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21035"
            },
            {
              "name": "RHSA-2025:22040",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22040"
            },
            {
              "name": "RHSA-2025:22041",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22041"
            },
            {
              "name": "RHSA-2025:22051",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22051"
            },
            {
              "name": "RHSA-2025:22055",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22055"
            },
            {
              "name": "RHSA-2025:22056",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22056"
            },
            {
              "name": "RHSA-2025:22077",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22077"
            },
            {
              "name": "RHSA-2025:22096",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22096"
            },
            {
              "name": "RHSA-2025:22164",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22164"
            },
            {
              "name": "RHSA-2025:22167",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22167"
            },
            {
              "name": "RHSA-2025:22364",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22364"
            },
            {
              "name": "RHSA-2025:22365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22365"
            },
            {
              "name": "RHSA-2025:22426",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22426"
            },
            {
              "name": "RHSA-2025:22427",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22427"
            },
            {
              "name": "RHSA-2025:22667",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22667"
            },
            {
              "name": "RHSA-2025:22729",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22729"
            },
            {
              "name": "RHSA-2025:22742",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22742"
            },
            {
              "name": "RHSA-2025:22753",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22753"
            },
            {
              "name": "RHSA-2026:0031",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0031"
            },
            {
              "name": "RHSA-2026:0033",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0033"
            },
            {
              "name": "RHSA-2026:0034",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0034"
            },
            {
              "name": "RHSA-2026:0035",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0035"
            },
            {
              "name": "RHSA-2026:0036",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0036"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-62231"
            },
            {
              "name": "RHBZ#2402660",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402660"
            },
            {
              "url": "https://lists.x.org/archives/xorg-announce/2025-October/003635.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-09T06:41:16.314Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-10-29T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Xorg: xmayland: value overflow in xkbsetcompatmap()",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-62231",
        "datePublished": "2025-10-30T05:08:32.155Z",
        "dateReserved": "2025-10-09T04:46:44.074Z",
        "dateUpdated": "2026-04-20T13:50:20.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8732 (GCVE-0-2025-8732)

    Vulnerability from nvd – Published: 2025-08-08 16:32 – Updated: 2026-06-02 12:59 Disputed
    VLAI
    Title
    libxml2 xmlcatalog xmlParseSGMLCatalog recursion
    Summary
    A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a libxml2 Affected: 2.14.0
    Affected: 2.14.1
    Affected: 2.14.2
    Affected: 2.14.3
    Affected: 2.14.4
    Affected: 2.14.5
    Siemens RUGGEDCOM RST2428P Affected: 0 , < V4.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8732",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-08T17:04:09.914830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-08T17:12:15.735Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM RST2428P",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T12:59:45.337Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "xmlcatalog"
              ],
              "product": "libxml2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.14.0"
                },
                {
                  "status": "affected",
                  "version": "2.14.1"
                },
                {
                  "status": "affected",
                  "version": "2.14.2"
                },
                {
                  "status": "affected",
                  "version": "2.14.3"
                },
                {
                  "status": "affected",
                  "version": "2.14.4"
                },
                {
                  "status": "affected",
                  "version": "2.14.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that \"[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all.\""
            },
            {
              "lang": "de",
              "value": "In libxml2 bis 2.14.5 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um die Funktion xmlParseSGMLCatalog der Komponente xmlcatalog. Durch Manipulieren mit unbekannten Daten kann eine uncontrolled recursion-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Zur Zeit ist nicht genau klar, ob diese Schwachstelle in der besagten Form wirklich existiert."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-08T16:32:06.990Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-319228 | libxml2 xmlcatalog xmlParseSGMLCatalog recursion",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.319228"
            },
            {
              "name": "VDB-319228 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.319228"
            },
            {
              "name": "Submit #622285 | LibXML2  xmlcatalog  the newest master stack overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.622285"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/958"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/958#note_2505853"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://drive.google.com/file/d/1woIeYVcSQB_NwfEhaVnX6MedpWJ_nqWl/view?usp=drive_link"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-08T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-08T09:55:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "libxml2 xmlcatalog xmlParseSGMLCatalog recursion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-8732",
        "datePublished": "2025-08-08T16:32:06.990Z",
        "dateReserved": "2025-08-08T07:49:27.806Z",
        "dateUpdated": "2026-06-02T12:59:45.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-33112 (GCVE-0-2025-33112)

    Vulnerability from nvd – Published: 2025-06-10 16:28 – Updated: 2026-02-26 17:50
    VLAI
    Title
    IBM AIX command execution
    Summary
    IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7236103 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM AIX Affected: 7.3
        cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM VIOS Affected: 4.1.1
        cpe:2.3:a:ibm:vios:4.1.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-12T03:55:20.686481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:59.347Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "AIX",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.3"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:vios:4.1.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "VIOS",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input."
                }
              ],
              "value": "IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:57:38.663Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7236103"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM strongly recommends addressing the vulnerability now.\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe AIX and VIOS fixes can be downloaded via https from:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://aix.software.ibm.com/aix/efixes/security/perl_fix9.tar\"\u003ehttps://aix.software.ibm.com/aix/efixes/security/perl_fix9.tar\u003c/a\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now.\n\n \n\nThe AIX and VIOS fixes can be downloaded via https from:\n\n https://aix.software.ibm.com/aix/efixes/security/perl_fix9.tar"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM AIX command execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33112",
        "datePublished": "2025-06-10T16:28:44.355Z",
        "dateReserved": "2025-04-15T17:50:49.744Z",
        "dateUpdated": "2026-02-26T17:50:59.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6732 (GCVE-0-2026-6732)

    Vulnerability from cvelistv5 – Published: 2026-04-23 22:19 – Updated: 2026-04-30 17:11
    VLAI
    Title
    Libxml2: libxml2: denial of service via crafted xsd-validated document
    Summary
    A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    Impacted products
    Date Public
    2026-04-16 00:00
    Credits
    Red Hat would like to thank Ariel Schon for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6732",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-24T10:53:00.163293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-24T10:54:21.129Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.3-0.1.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat JBoss Core Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Ariel Schon for reporting this issue."
            }
          ],
          "datePublic": "2026-04-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T17:11:03.871Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:11503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:11503"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-6732"
            },
            {
              "name": "RHBZ#2461300",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461300"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-23T22:04:33.973Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-16T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxml2: libxml2: denial of service via crafted xsd-validated document",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-6732",
        "datePublished": "2026-04-23T22:19:34.322Z",
        "dateReserved": "2026-04-20T22:34:45.863Z",
        "dateUpdated": "2026-04-30T17:11:03.871Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0992 (GCVE-0-2026-0992)

    Vulnerability from cvelistv5 – Published: 2026-01-15 14:20 – Updated: 2026-04-22 09:31
    VLAI
    Title
    Libxml2: libxml2: denial of service via crafted xml catalogs
    Summary
    A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Date Public
    2026-01-15 00:00
    Credits
    Red Hat would like to thank Nick Wellnhofer for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0992",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-15T16:31:06.823175Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-15T16:39:47.982Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.2-0.3.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat JBoss Core Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Nick Wellnhofer for reporting this issue."
            }
          ],
          "datePublic": "2026-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T09:31:04.354Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:7519",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7519"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-0992"
            },
            {
              "name": "RHBZ#2429975",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429975"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-15T13:29:32.742Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-01-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxml2: libxml2: denial of service via crafted xml catalogs",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-0992",
        "datePublished": "2026-01-15T14:20:24.934Z",
        "dateReserved": "2026-01-15T13:34:08.872Z",
        "dateUpdated": "2026-04-22T09:31:04.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0989 (GCVE-0-2026-0989)

    Vulnerability from cvelistv5 – Published: 2026-01-15 14:20 – Updated: 2026-04-22 09:31
    VLAI
    Title
    Libxml2: unbounded relaxng include recursion leading to stack overflow
    Summary
    A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-01-15 00:00
    Credits
    Red Hat would like to thank lanbigking for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0989",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-15T16:31:12.583434Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-15T16:39:34.311Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.2-0.3.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat JBoss Core Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank lanbigking for reporting this issue."
            }
          ],
          "datePublic": "2026-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T09:31:01.948Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:7519",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7519"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-0989"
            },
            {
              "name": "RHBZ#2429933",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429933"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/998"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-15T12:36:12.129Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-01-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxml2: unbounded relaxng include recursion leading to stack overflow",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, restrict applications using libxml2 from processing untrusted RelaxNG schema files. Implement strict input validation and sanitization for all RelaxNG schema inputs to prevent the parsing of maliciously crafted, deeply nested include directives."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-674: Uncontrolled Recursion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-0989",
        "datePublished": "2026-01-15T14:20:23.274Z",
        "dateReserved": "2026-01-15T12:38:51.419Z",
        "dateUpdated": "2026-04-22T09:31:01.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0990 (GCVE-0-2026-0990)

    Vulnerability from cvelistv5 – Published: 2026-01-15 14:20 – Updated: 2026-04-22 09:30
    VLAI
    Title
    Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing
    Summary
    A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-01-15 00:00
    Credits
    Red Hat would like to thank Nick Wellnhofer for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0990",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-15T16:31:20.247968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-15T16:39:20.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2-main",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.2-0.3.hum1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_core_services:1"
              ],
              "defaultStatus": "affected",
              "packageName": "libxml2",
              "product": "Red Hat JBoss Core Services",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Nick Wellnhofer for reporting this issue."
            }
          ],
          "datePublic": "2026-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T09:30:55.859Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:7519",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7519"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-0990"
            },
            {
              "name": "RHBZ#2429959",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429959"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-15T13:15:23.187Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-01-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-674: Uncontrolled Recursion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-0990",
        "datePublished": "2026-01-15T14:20:06.515Z",
        "dateReserved": "2026-01-15T13:15:10.756Z",
        "dateUpdated": "2026-04-22T09:30:55.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36236 (GCVE-0-2025-36236)

    Vulnerability from cvelistv5 – Published: 2025-11-13 22:01 – Updated: 2025-11-14 15:25
    VLAI
    Title
    AIX Path Traversal
    Summary
    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7251173 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM AIX Affected: 7.2
    Affected: 7.3
        cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*
        cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM VIOS Affected: 3.1
    Affected: 4.1
        cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36236",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T15:24:50.328671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-14T15:25:04.199Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*"
              ],
              "product": "AIX",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2"
                },
                {
                  "status": "affected",
                  "version": "7.3"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*"
              ],
              "product": "VIOS",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "4.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system.\u003c/p\u003e"
                }
              ],
              "value": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T22:01:31.264Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7251173\"\u003ehttps://www.ibm.com/support/pages/node/7251173\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin:  https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "title": "AIX Path Traversal",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36236",
        "datePublished": "2025-11-13T22:01:31.264Z",
        "dateReserved": "2025-04-15T21:16:42.824Z",
        "dateUpdated": "2025-11-14T15:25:04.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36250 (GCVE-0-2025-36250)

    Vulnerability from cvelistv5 – Published: 2025-11-13 22:01 – Updated: 2026-02-26 16:56
    VLAI
    Title
    AIX Code Execution
    Summary
    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls.  This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7251173 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM AIX Affected: 7.2
    Affected: 7.3
        cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*
        cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM VIOS Affected: 3.1
    Affected: 4.1
        cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36250",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-15T04:56:16.988613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:58.500Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*"
              ],
              "product": "AIX",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2"
                },
                {
                  "status": "affected",
                  "version": "7.3"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*"
              ],
              "product": "VIOS",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "4.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. \u0026nbsp;This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.\u003c/p\u003e"
                }
              ],
              "value": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. \u00a0This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-114",
                  "description": "CWE-114 Process Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T22:01:27.447Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7251173\"\u003ehttps://www.ibm.com/support/pages/node/7251173\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin:  https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "title": "AIX Code Execution",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36250",
        "datePublished": "2025-11-13T22:01:27.447Z",
        "dateReserved": "2025-04-15T21:16:44.886Z",
        "dateUpdated": "2026-02-26T16:56:58.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36096 (GCVE-0-2025-36096)

    Vulnerability from cvelistv5 – Published: 2025-11-13 22:01 – Updated: 2026-02-26 16:56
    VLAI
    Title
    AIX Insufficiently Protected Credentials
    Summary
    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7251173 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM AIX Affected: 7.2
    Affected: 7.3
        cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*
        cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM VIOS Affected: 3.1
    Affected: 4.1
        cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36096",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-15T04:56:16.309377Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:58.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*"
              ],
              "product": "AIX",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2"
                },
                {
                  "status": "affected",
                  "version": "7.3"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*"
              ],
              "product": "VIOS",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "4.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.\u003c/p\u003e"
                }
              ],
              "value": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T22:01:22.072Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7251173\"\u003ehttps://www.ibm.com/support/pages/node/7251173\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin:  https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "title": "AIX Insufficiently Protected Credentials",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36096",
        "datePublished": "2025-11-13T22:01:22.072Z",
        "dateReserved": "2025-04-15T21:16:14.711Z",
        "dateUpdated": "2026-02-26T16:56:58.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36251 (GCVE-0-2025-36251)

    Vulnerability from cvelistv5 – Published: 2025-11-13 22:01 – Updated: 2026-02-26 16:56
    VLAI
    Title
    AIX Command Execution
    Summary
    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7251173 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM AIX Affected: 7.2
    Affected: 7.3
        cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*
        cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM VIOS Affected: 3.1
    Affected: 4.1
        cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-15T04:56:15.618808Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:59.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*"
              ],
              "product": "AIX",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2"
                },
                {
                  "status": "affected",
                  "version": "7.3"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*"
              ],
              "product": "VIOS",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "4.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.\u003c/p\u003e"
                }
              ],
              "value": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-114",
                  "description": "CWE-114 Process Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T22:01:13.345Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7251173\"\u003ehttps://www.ibm.com/support/pages/node/7251173\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin:\u00a0 https://www.ibm.com/support/pages/node/7251173"
            }
          ],
          "title": "AIX Command Execution",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36251",
        "datePublished": "2025-11-13T22:01:13.345Z",
        "dateReserved": "2025-04-15T21:16:44.886Z",
        "dateUpdated": "2026-02-26T16:56:59.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62230 (GCVE-0-2025-62230)

    Vulnerability from cvelistv5 – Published: 2025-10-30 05:19 – Updated: 2026-04-20 13:50
    VLAI
    Title
    Xorg: xwayland: use-after-free in xkb client resource removal
    Summary
    A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:19432 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19433 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19434 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19435 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19489 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19623 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19909 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20958 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20960 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20961 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22040 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22041 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22051 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22055 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22056 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22077 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22164 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22167 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22364 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22426 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22427 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22667 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22742 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22753 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0031 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0033 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0034 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0036 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-62230 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2402653 issue-trackingx_refsource_REDHAT
    https://lists.x.org/archives/xorg-announce/2025-O…
    https://lists.debian.org/debian-lts-announce/2025…
    http://www.openwall.com/lists/oss-security/2025/10/28/7
    Impacted products
    Vendor Product Version
    X.Org Xwayland Affected: 0 , < 24.1.9 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:24.1.5-5.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:24.1.5-5.el10_1 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION Unaffected: 0:1.1.0-25.el6_10.15 , < * (rpm)
        cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.20.4-33.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.8.0-36.el7_9.3 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:21.1.3-19.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.20.11-27.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.15.0-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.9.0-15.el8_2.15 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.20.6-5.el8_2 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.11.0-8.el8_4.14 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.20.10-3.el8_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:1.11.0-8.el8_4.14 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:1.20.10-3.el8_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.12.0-6.el8_6.15 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.20.11-6.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:21.1.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.12.0-6.el8_6.15 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.20.11-6.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:21.1.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.12.0-6.el8_6.15 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.20.11-6.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:21.1.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.12.0-15.el8_8.16 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.20.11-17.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:21.1.3-12.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.12.0-15.el8_8.16 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.20.11-17.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:21.1.3-12.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.20.11-32.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.14.1-9.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:23.2.7-5.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.15.0-6.el9_7 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:23.2.7-5.el9_7 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.20.11-32.el9_7 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.11.0-22.el9_0.16 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.20.11-12.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:21.1.3-4.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.12.0-14.el9_2.13 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.20.11-19.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:21.1.3-9.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.13.1-8.el9_4.8 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.20.11-27.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:22.1.9-7.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-10-29 00:00
    Credits
    Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62230",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T03:55:34.138515Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:53.990Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:14:18.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/10/28/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
              "defaultStatus": "unaffected",
              "packageName": "xwayland",
              "product": "Xwayland",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "24.1.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:24.1.5-5.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.1"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:24.1.5-5.el10_1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:6"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.0-25.el6_10.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.4-33.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.8.0-36.el7_9.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-19.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-27.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.15.0-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.0-15.el8_2.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.6-5.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.10-3.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.10-3.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-15.el8_8.16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-17.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-12.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-15.el8_8.16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-17.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-12.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-32.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.14.1-9.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.2.7-5.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.15.0-6.el9_7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.2.7-5.el9_7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-32.el9_7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-22.el9_0.16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-12.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-4.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-14.el9_2.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-19.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-9.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.13.1-8.el9_4.8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/a:redhat:rhel_eus:9.4::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-27.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:22.1.9-7.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue."
            }
          ],
          "datePublic": "2025-10-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was discovered in the X.Org X server\u2019s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-20T13:50:16.428Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:19432",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19432"
            },
            {
              "name": "RHSA-2025:19433",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19433"
            },
            {
              "name": "RHSA-2025:19434",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19434"
            },
            {
              "name": "RHSA-2025:19435",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19435"
            },
            {
              "name": "RHSA-2025:19489",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19489"
            },
            {
              "name": "RHSA-2025:19623",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19623"
            },
            {
              "name": "RHSA-2025:19909",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19909"
            },
            {
              "name": "RHSA-2025:20958",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20958"
            },
            {
              "name": "RHSA-2025:20960",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20960"
            },
            {
              "name": "RHSA-2025:20961",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20961"
            },
            {
              "name": "RHSA-2025:21035",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21035"
            },
            {
              "name": "RHSA-2025:22040",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22040"
            },
            {
              "name": "RHSA-2025:22041",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22041"
            },
            {
              "name": "RHSA-2025:22051",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22051"
            },
            {
              "name": "RHSA-2025:22055",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22055"
            },
            {
              "name": "RHSA-2025:22056",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22056"
            },
            {
              "name": "RHSA-2025:22077",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22077"
            },
            {
              "name": "RHSA-2025:22096",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22096"
            },
            {
              "name": "RHSA-2025:22164",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22164"
            },
            {
              "name": "RHSA-2025:22167",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22167"
            },
            {
              "name": "RHSA-2025:22364",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22364"
            },
            {
              "name": "RHSA-2025:22365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22365"
            },
            {
              "name": "RHSA-2025:22426",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22426"
            },
            {
              "name": "RHSA-2025:22427",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22427"
            },
            {
              "name": "RHSA-2025:22667",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22667"
            },
            {
              "name": "RHSA-2025:22729",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22729"
            },
            {
              "name": "RHSA-2025:22742",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22742"
            },
            {
              "name": "RHSA-2025:22753",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22753"
            },
            {
              "name": "RHSA-2026:0031",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0031"
            },
            {
              "name": "RHSA-2026:0033",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0033"
            },
            {
              "name": "RHSA-2026:0034",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0034"
            },
            {
              "name": "RHSA-2026:0035",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0035"
            },
            {
              "name": "RHSA-2026:0036",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0036"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-62230"
            },
            {
              "name": "RHBZ#2402653",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402653"
            },
            {
              "url": "https://lists.x.org/archives/xorg-announce/2025-October/003635.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-09T06:00:07.571Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-10-29T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Xorg: xwayland: use-after-free in xkb client resource removal",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-416: Use After Free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-62230",
        "datePublished": "2025-10-30T05:19:40.445Z",
        "dateReserved": "2025-10-09T04:46:44.074Z",
        "dateUpdated": "2026-04-20T13:50:16.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62231 (GCVE-0-2025-62231)

    Vulnerability from cvelistv5 – Published: 2025-10-30 05:08 – Updated: 2026-04-20 13:50
    VLAI
    Title
    Xorg: xmayland: value overflow in xkbsetcompatmap()
    Summary
    A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:19432 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19433 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19434 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19435 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19489 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19623 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19909 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20958 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20960 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:20961 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22040 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22041 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22051 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22055 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22056 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22077 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22164 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22167 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22364 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22426 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22427 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22667 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22742 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:22753 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0031 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0033 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0034 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0036 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-62231 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2402660 issue-trackingx_refsource_REDHAT
    https://lists.x.org/archives/xorg-announce/2025-O…
    https://lists.debian.org/debian-lts-announce/2025…
    http://www.openwall.com/lists/oss-security/2025/10/28/7
    Impacted products
    Vendor Product Version
    X.Org Xwayland Affected: 0 , < 24.1.9 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:24.1.5-5.el10_0 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:24.1.5-5.el10_1 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION Unaffected: 0:1.1.0-25.el6_10.15 , < * (rpm)
        cpe:/o:redhat:rhel_els:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.20.4-33.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.8.0-36.el7_9.3 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:21.1.3-19.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.20.11-27.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::crb
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.15.0-8.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.9.0-15.el8_2.15 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:1.20.6-5.el8_2 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.11.0-8.el8_4.14 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.20.10-3.el8_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:1.11.0-8.el8_4.14 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:1.20.10-3.el8_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
        cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.12.0-6.el8_6.15 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:1.20.11-6.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:21.1.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.12.0-6.el8_6.15 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.20.11-6.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:21.1.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.12.0-6.el8_6.15 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.20.11-6.el8_6 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:21.1.3-2.el8_6.5 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.12.0-15.el8_8.16 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:1.20.11-17.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:21.1.3-12.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.12.0-15.el8_8.16 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:1.20.11-17.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:21.1.3-12.el8_8 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8::appstream
        cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.20.11-32.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.14.1-9.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:23.2.7-5.el9_6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.15.0-6.el9_7 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:23.2.7-5.el9_7 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.20.11-32.el9_7 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.11.0-22.el9_0.16 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.20.11-12.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:21.1.3-4.el9_0 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.12.0-14.el9_2.13 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.20.11-19.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:21.1.3-9.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.13.1-8.el9_4.8 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.20.11-27.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
        cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:22.1.9-7.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-10-29 00:00
    Credits
    Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62231",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T03:55:34.992282Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:54.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:14:19.743Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/10/28/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
              "defaultStatus": "unaffected",
              "packageName": "xwayland",
              "product": "Xwayland",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "24.1.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:24.1.5-5.el10_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.1"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:24.1.5-5.el10_1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:6"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.0-25.el6_10.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.4-33.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.8.0-36.el7_9.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-19.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::crb",
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-27.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.15.0-8.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.0-15.el8_2.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.6-5.el8_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.10-3.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-8.el8_4.14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
                "cpe:/a:redhat:rhel_aus:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.10-3.el8_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-6.el8_6.15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-6.el8_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-2.el8_6.5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-15.el8_8.16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-17.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-12.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-15.el8_8.16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-17.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.8::appstream",
                "cpe:/a:redhat:rhel_e4s:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-12.el8_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-32.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.14.1-9.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.2.7-5.el9_6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.15.0-6.el9_7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.2.7-5.el9_7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-32.el9_7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-22.el9_0.16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-12.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-4.el9_0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.12.0-14.el9_2.13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-19.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:21.1.3-9.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "tigervnc",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.13.1-8.el9_4.8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream",
                "cpe:/a:redhat:rhel_eus:9.4::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.20.11-27.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "xorg-x11-server-Xwayland",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:22.1.9-7.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "xorg-x11-server",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue."
            }
          ],
          "datePublic": "2025-10-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was identified in the X.Org X server\u2019s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-20T13:50:20.474Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:19432",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19432"
            },
            {
              "name": "RHSA-2025:19433",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19433"
            },
            {
              "name": "RHSA-2025:19434",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19434"
            },
            {
              "name": "RHSA-2025:19435",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19435"
            },
            {
              "name": "RHSA-2025:19489",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19489"
            },
            {
              "name": "RHSA-2025:19623",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19623"
            },
            {
              "name": "RHSA-2025:19909",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19909"
            },
            {
              "name": "RHSA-2025:20958",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20958"
            },
            {
              "name": "RHSA-2025:20960",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20960"
            },
            {
              "name": "RHSA-2025:20961",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:20961"
            },
            {
              "name": "RHSA-2025:21035",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21035"
            },
            {
              "name": "RHSA-2025:22040",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22040"
            },
            {
              "name": "RHSA-2025:22041",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22041"
            },
            {
              "name": "RHSA-2025:22051",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22051"
            },
            {
              "name": "RHSA-2025:22055",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22055"
            },
            {
              "name": "RHSA-2025:22056",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22056"
            },
            {
              "name": "RHSA-2025:22077",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22077"
            },
            {
              "name": "RHSA-2025:22096",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22096"
            },
            {
              "name": "RHSA-2025:22164",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22164"
            },
            {
              "name": "RHSA-2025:22167",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22167"
            },
            {
              "name": "RHSA-2025:22364",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22364"
            },
            {
              "name": "RHSA-2025:22365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22365"
            },
            {
              "name": "RHSA-2025:22426",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22426"
            },
            {
              "name": "RHSA-2025:22427",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22427"
            },
            {
              "name": "RHSA-2025:22667",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22667"
            },
            {
              "name": "RHSA-2025:22729",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22729"
            },
            {
              "name": "RHSA-2025:22742",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22742"
            },
            {
              "name": "RHSA-2025:22753",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22753"
            },
            {
              "name": "RHSA-2026:0031",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0031"
            },
            {
              "name": "RHSA-2026:0033",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0033"
            },
            {
              "name": "RHSA-2026:0034",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0034"
            },
            {
              "name": "RHSA-2026:0035",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0035"
            },
            {
              "name": "RHSA-2026:0036",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0036"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-62231"
            },
            {
              "name": "RHBZ#2402660",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402660"
            },
            {
              "url": "https://lists.x.org/archives/xorg-announce/2025-October/003635.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-09T06:41:16.314Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-10-29T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Xorg: xmayland: value overflow in xkbsetcompatmap()",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-62231",
        "datePublished": "2025-10-30T05:08:32.155Z",
        "dateReserved": "2025-10-09T04:46:44.074Z",
        "dateUpdated": "2026-04-20T13:50:20.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8732 (GCVE-0-2025-8732)

    Vulnerability from cvelistv5 – Published: 2025-08-08 16:32 – Updated: 2026-06-02 12:59 Disputed
    VLAI
    Title
    libxml2 xmlcatalog xmlParseSGMLCatalog recursion
    Summary
    A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a libxml2 Affected: 2.14.0
    Affected: 2.14.1
    Affected: 2.14.2
    Affected: 2.14.3
    Affected: 2.14.4
    Affected: 2.14.5
    Siemens RUGGEDCOM RST2428P Affected: 0 , < V4.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8732",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-08T17:04:09.914830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-08T17:12:15.735Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM RST2428P",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T12:59:45.337Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "xmlcatalog"
              ],
              "product": "libxml2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.14.0"
                },
                {
                  "status": "affected",
                  "version": "2.14.1"
                },
                {
                  "status": "affected",
                  "version": "2.14.2"
                },
                {
                  "status": "affected",
                  "version": "2.14.3"
                },
                {
                  "status": "affected",
                  "version": "2.14.4"
                },
                {
                  "status": "affected",
                  "version": "2.14.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that \"[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all.\""
            },
            {
              "lang": "de",
              "value": "In libxml2 bis 2.14.5 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um die Funktion xmlParseSGMLCatalog der Komponente xmlcatalog. Durch Manipulieren mit unbekannten Daten kann eine uncontrolled recursion-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Zur Zeit ist nicht genau klar, ob diese Schwachstelle in der besagten Form wirklich existiert."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-08T16:32:06.990Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-319228 | libxml2 xmlcatalog xmlParseSGMLCatalog recursion",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.319228"
            },
            {
              "name": "VDB-319228 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.319228"
            },
            {
              "name": "Submit #622285 | LibXML2  xmlcatalog  the newest master stack overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.622285"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/958"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/958#note_2505853"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://drive.google.com/file/d/1woIeYVcSQB_NwfEhaVnX6MedpWJ_nqWl/view?usp=drive_link"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-08T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-08T09:55:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "libxml2 xmlcatalog xmlParseSGMLCatalog recursion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-8732",
        "datePublished": "2025-08-08T16:32:06.990Z",
        "dateReserved": "2025-08-08T07:49:27.806Z",
        "dateUpdated": "2026-06-02T12:59:45.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }