Lucene search
+L

360 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 2:50 p.m.142 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute...

7.5CVSS7.8AI score0.33623EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/09/15 12:0 a.m.76 views

Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2022-1836)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.342.b07-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1836 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package...

7.5CVSS7.2AI score0.33623EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2022/09/09 12:0 a.m.47 views

SUSE SLES12: java-1_8_0-ibm / java-1_8_0-ibm-alsa / java-1_8_0-ibm-devel / etc (SUSE-SU-2022:3152-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3152-1 advisory. Note: the issues listed below were NOT fixed with the previous update 8.0-7.11. - Update to Java 8.0 Service Refresh 7 Fix Pack 15...

7.5CVSS6.8AI score0.33623EPSS
Exploits2References14
OSV
OSV
added 2022/09/07 12:19 p.m.16 views

SUSE-SU-2022:3152-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Note: the issues listed below were NOT fixed with the previous update 8.0-7.11. - Update to Java 8.0 Service Refresh 7 Fix Pack 15 bsc1202427: - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred...

7.5CVSS6.8AI score0.33623EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2022/09/07 12:0 a.m.44 views

Amazon Linux 2022 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2022-2022-112)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-112 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...

7.5CVSS7.2AI score0.33623EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.55 views

Amazon Linux 2022 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2022-2022-121)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-121 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...

7.5CVSS7AI score0.33623EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.36 views

Amazon Linux 2022 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2022-2022-111)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-111 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...

7.5CVSS7.2AI score0.33623EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.59 views

Amazon Linux 2022 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2022-2022-119)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-119 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...

7.5CVSS7.2AI score0.33623EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.45 views

Amazon Linux 2022 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2022-2022-113)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-113 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...

7.5CVSS7AI score0.33623EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.46 views

Amazon Linux 2022 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2022-2022-120)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-120 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...

7.5CVSS7.2AI score0.33623EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2022/09/01 12:0 a.m.57 views

SUSE SLES15: java-1_8_0-ibm / java-1_8_0-ibm-32bit / java-1_8_0-ibm-alsa / etc (SUSE-SU-2022:2949-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2949-1 advisory. - Updated to Java 8.0 Service Refresh 7 Fix Pack 11 bsc1202427: - CVE-2022-34169: Fixed an integer truncation issue i...

7.5CVSS6.8AI score0.33623EPSS
Exploits2References14
OpenVAS
OpenVAS
added 2022/09/01 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2022:2949-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.33623EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
added 2022/08/26 12:0 a.m.44 views

SUSE SLES12: java-1_8_0-ibm / java-1_8_0-ibm-alsa / java-1_8_0-ibm-devel / etc (SUSE-SU-2022:2899-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2899-1 advisory. - Update to Java 8.0 Service Refresh 7 Fix Pack 11 bsc1202427: - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Jav...

7.5CVSS6.8AI score0.33623EPSS
Exploits2References14
Tenable Nessus
Tenable Nessus
added 2022/08/26 12:0 a.m.57 views

SUSE SLES12: java-1_7_1-ibm / java-1_7_1-ibm-alsa / java-1_7_1-ibm-devel / etc (SUSE-SU-2022:2898-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2898-1 advisory. - Updated to Java 7.1 Service Refresh 5 Fix Pack 15 bsc1202427: - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Ja...

7.5CVSS6.8AI score0.33623EPSS
Exploits2References14
Tenable Nessus
Tenable Nessus
added 2022/08/20 12:0 a.m.33 views

SUSE SLES15: java-1_8_0-openjdk / java-1_8_0-openjdk-accessibility / etc (SUSE-SU-2022:2856-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2856-1 advisory. - Updated to version jdk8u345 icedtea-3.24.0 - CVE-2022-21540: Fixed a potential Java sandbox bypass bsc1201694. -...

7.5CVSS7AI score0.33623EPSS
Exploits2References11
OSV
OSV
added 2022/08/19 11:4 a.m.15 views

OESA-2022-1849 openjdk-11 security update

The OpenJDK runtime environment. Security Fixes: The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. T...

7.5CVSS6.6AI score0.33623EPSS
Exploits2References4
GithubExploit
GithubExploit
added 2022/08/15 9:43 a.m.696 views

Exploit for Incorrect Conversion between Numeric Types in Apache Xalan-Java

Description Checks if CVE-2022-34169 is fixed on your machine...

7.5CVSS7.8AI score0.33623EPSS
Exploits2
OSV
OSV
added 2022/08/13 11:4 a.m.4 views

OESA-2022-1832 openjdk-latest security update

The OpenJDK runtime environment. Security Fixes: The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. T...

7.5CVSS6.6AI score0.33623EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2022/08/10 12:0 a.m.48 views

SUSE SLED15: java-11-openjdk / java-11-openjdk-accessibility / etc (SUSE-SU-2022:2707-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2707-1 advisory. Update to upstream tag jdk-11.0.16+8 July 2022 CPU - CVE-2022-21540: Improve class compilation...

7.5CVSS6.8AI score0.33623EPSS
Exploits2References10
OSV
OSV
added 2022/08/09 4:57 p.m.14 views

CLSA-2022-1660064249 Fix CVE(s): CVE-2022-21434, CVE-2022-21426, CVE-2022-21443, CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-21476, CVE-2022-21496

Backport upstream releases 8u342 and 8u332 to 16.04 LTS Security fixes in 8u342: - JDK-8272243: Improve DER parsing - JDK-8272249: Better properties of loaded Properties - JDK-8277608: Address IP Addressing - JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866, CVE-2022-21541:...

7.5CVSS6.9AI score0.33623EPSS
Exploits2References1
Rows per page
Query Builder