Technical Analysis from the TrendAI Development Team by CVE
- CVSS 7.5 (High)
- DSM 20.x is not affected as the function xmlBuildQName is not used by the product.
2. CVE-2025-6052: GLib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in GLib GString
- CVSS 3.7 (Low)
- DSM 20.x is not affected as GLib is not used by the product.
3. CVE-2025-7425: libxslt: heap use-after-free in libxslt caused by atype corruption in xmlAttrPtr
- CVSS 7.8 (High)
- DSM 20.x is not affected as libxslt is not used by the product.
4. CVE-2025-12183: org.lz4:lz4-java - Out-of-Bounds Memory Access
- CVSS 8.8 (High)
- DSM 20.x is not affected as org.lz4:lz4-java is not used by the product.
5. CVE-2025-43368: Use-after-free Issue in Apple Safari
- CVSS 6.5 (Medium)
- DSM 20.x is not affected as this vulnerability only affects Apple Safari on iOS and iPadOS.
6. CVE-2025-47219: GStreamer information disclosure vulnerability
- CVSS 5.6 (Medium)
- DSM 20.x is not affected as GStreamer is not used by the product.
7. CVE-2026-21925: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI)
- CVSS 4.8 (Medium)
- DSM 20.x is not affected as this vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code, and DSM does not allow users to run untrusted code.
8. CVE-2026-21932: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX)
- CVSS 7.4 (High)
- DSM 20.x is not affected as this vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code, and DSM does not allow users to run untrusted code.
9. CVE-2026-21933: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking)
- CVSS 6.1 (Medium)
- DSM 20.x is not affected as this vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code, and DSM does not allow users to run untrusted code.
10. CVE-2026-21945: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security)
- CVSS 7.5 (High)
- DSM 20.x is not affected as this vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code, and DSM does not allow users to run untrusted code.
11. CVE-2026-21947: Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u471-b50
- CVSS 3.1 (Low)
- DSM 20.x is not affected as this vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code, and DSM does not allow users to run untrusted code.
