rpm package
almalinux/java-25-openjdk-jmods-fastdebug
pkg:rpm/almalinux/java-25-openjdk-jmods-fastdebug
Vulnerabilities (17)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34282 | Hig | 7.5 | < 1:25.0.3.0.9-1.el10_2 | 1:25.0.3.0.9-1.el10_2 | Apr 21, 2026 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 1 | |
| CVE-2026-34268 | Low | 2.9 | < 1:25.0.3.0.9-1.el10_2 | 1:25.0.3.0.9-1.el10_2 | Apr 21, 2026 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle Gr | |
| CVE-2026-22021 | Med | 5.3 | < 1:25.0.3.0.9-1.el10_2 | 1:25.0.3.0.9-1.el10_2 | Apr 21, 2026 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV | |
| CVE-2026-22018 | Low | 3.7 | < 1:25.0.3.0.9-1.el10_2 | 1:25.0.3.0.9-1.el10_2 | Apr 21, 2026 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle G | |
| CVE-2026-22016 | Hig | 7.5 | < 1:25.0.3.0.9-1.el10_2 | 1:25.0.3.0.9-1.el10_2 | Apr 21, 2026 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV | |
| CVE-2026-22013 | Med | 5.3 | < 1:25.0.3.0.9-1.el10_2 | 1:25.0.3.0.9-1.el10_2 | Apr 21, 2026 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV | |
| CVE-2026-22008 | Low | 3.7 | < 1:25.0.3.0.9-1.el10_2 | 1:25.0.3.0.9-1.el10_2 | Apr 21, 2026 | Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful atta | |
| CVE-2026-22007 | Low | 2.9 | < 1:25.0.3.0.9-1.el10_2 | 1:25.0.3.0.9-1.el10_2 | Apr 21, 2026 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle Gr | |
| CVE-2026-33636 | Hig | 7.6 | < 1:25.0.3.0.9-1.el10_2 | 1:25.0.3.0.9-1.el10_2 | Mar 26, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. Whe | |
| CVE-2026-33416 | Hig | 7.5 | < 1:25.0.3.0.9-1.el10_2 | 1:25.0.3.0.9-1.el10_2 | Mar 26, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, | |
| CVE-2026-26740 | — | < 1:25.0.3.0.9-1.el10_2 | 1:25.0.3.0.9-1.el10_2 | Mar 18, 2026 | Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size. | ||
| CVE-2026-23865 | Med | 5.3 | < 1:25.0.3.0.9-1.el10_2 | 1:25.0.3.0.9-1.el10_2 | Mar 2, 2026 | An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. | |
| CVE-2026-21945 | Hig | 7.5 | < 1:25.0.2.0.10-1.el10 | 1:25.0.2.0.10-1.el10 | Jan 20, 2026 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM | |
| CVE-2026-21933 | Med | 6.1 | < 1:25.0.2.0.10-1.el10 | 1:25.0.2.0.10-1.el10 | Jan 20, 2026 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle Graal | |
| CVE-2026-21925 | Med | 4.8 | < 1:25.0.2.0.10-1.el10 | 1:25.0.2.0.10-1.el10 | Jan 20, 2026 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for | |
| CVE-2025-65018 | — | < 1:25.0.2.0.10-1.el10 | 1:25.0.2.0.10-1.el10 | Nov 24, 2025 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_re | ||
| CVE-2025-64720 | — | < 1:25.0.2.0.10-1.el10 | 1:25.0.2.0.10-1.el10 | Nov 24, 2025 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images w |
- affected < 1:25.0.3.0.9-1.el10_2fixed 1:25.0.3.0.9-1.el10_2
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 1
- affected < 1:25.0.3.0.9-1.el10_2fixed 1:25.0.3.0.9-1.el10_2
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle Gr
- affected < 1:25.0.3.0.9-1.el10_2fixed 1:25.0.3.0.9-1.el10_2
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV
- affected < 1:25.0.3.0.9-1.el10_2fixed 1:25.0.3.0.9-1.el10_2
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle G
- affected < 1:25.0.3.0.9-1.el10_2fixed 1:25.0.3.0.9-1.el10_2
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV
- affected < 1:25.0.3.0.9-1.el10_2fixed 1:25.0.3.0.9-1.el10_2
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV
- affected < 1:25.0.3.0.9-1.el10_2fixed 1:25.0.3.0.9-1.el10_2
Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful atta
- affected < 1:25.0.3.0.9-1.el10_2fixed 1:25.0.3.0.9-1.el10_2
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle Gr
- affected < 1:25.0.3.0.9-1.el10_2fixed 1:25.0.3.0.9-1.el10_2
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. Whe
- affected < 1:25.0.3.0.9-1.el10_2fixed 1:25.0.3.0.9-1.el10_2
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`,
- CVE-2026-26740Mar 18, 2026affected < 1:25.0.3.0.9-1.el10_2fixed 1:25.0.3.0.9-1.el10_2
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.
- affected < 1:25.0.3.0.9-1.el10_2fixed 1:25.0.3.0.9-1.el10_2
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
- affected < 1:25.0.2.0.10-1.el10fixed 1:25.0.2.0.10-1.el10
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM
- affected < 1:25.0.2.0.10-1.el10fixed 1:25.0.2.0.10-1.el10
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle Graal
- affected < 1:25.0.2.0.10-1.el10fixed 1:25.0.2.0.10-1.el10
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for
- CVE-2025-65018Nov 24, 2025affected < 1:25.0.2.0.10-1.el10fixed 1:25.0.2.0.10-1.el10
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_re
- CVE-2025-64720Nov 24, 2025affected < 1:25.0.2.0.10-1.el10fixed 1:25.0.2.0.10-1.el10
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images w