58 matches found

Tenable Nessus
added 2022/09/06 12:0 a.m. | 52 views

Amazon Linux 2022 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2022-2022-121)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-121 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...

7.5 CVSS | 7 AI score | 0.10953 EPSS
Exploits 2 | References 9

Tenable Nessus
added 2022/09/06 12:0 a.m. | 56 views

Amazon Linux 2022 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2022-2022-119)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-119 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...

7.5 CVSS | 7.2 AI score | 0.10953 EPSS
Exploits 2 | References 7

Tenable Nessus
added 2022/09/06 12:0 a.m. | 39 views

Amazon Linux 2022 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2022-2022-120)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-120 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...

7.5 CVSS | 7.2 AI score | 0.10953 EPSS
Exploits 2 | References 7

Tenable Nessus
added 2022/09/01 12:0 a.m. | 55 views

SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2022:2949-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2949-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

7.5 CVSS | 7 AI score | 0.10953 EPSS
Exploits 2 | References 14

Tenable Nessus
added 2022/08/26 12:0 a.m. | 51 views

SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2022:2898-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2898-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

7.5 CVSS | 7 AI score | 0.10953 EPSS
Exploits 2 | References 14

GithubExploit
added 2022/08/15 9:43 a.m. | 672 views

Exploit for Incorrect Conversion between Numeric Types in Apache Xalan-Java

Description Checks if CVE-2022-34169 is fixed on your machine...

7.5 CVSS | 7.8 AI score | 0.10953 EPSS
Exploits 2

Tenable Nessus
added 2022/08/02 12:0 a.m. | 42 views

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2022:2610-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2610-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

7.5 CVSS | 7.2 AI score | 0.10953 EPSS
Exploits 2 | References 10

Tenable Nessus
added 2022/07/27 12:0 a.m. | 43 views

Oracle Linux 9 : java-1.8.0-openjdk (ELSA-2022-5709)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5709 advisory. 1.8.0.342.b07-1.0.1 - Replace upstream references Orabug: 34340145 1:1.8.0.342.b07-1 - Update to shenandoah-jdk8u342-b07 - Update release notes for...

7.5 CVSS | 6.8 AI score | 0.10953 EPSS
Exploits 2 | References 4

Tenable Nessus
added 2022/07/27 12:0 a.m. | 64 views

Rocky Linux 8 : java-1.8.0-openjdk (RLSA-2022:5696)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5696 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are...

7.5 CVSS | 7.2 AI score | 0.10953 EPSS
Exploits 2 | References 11

Tenable Nessus
added 2022/07/27 12:0 a.m. | 66 views

Rocky Linux 8 : java-11-openjdk (RLSA-2022:5683)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5683 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are...

7.5 CVSS | 7.2 AI score | 0.10953 EPSS
Exploits 2 | References 11

Tenable Nessus
added 2022/07/26 12:0 a.m. | 41 views

Oracle Linux 9 : java-11-openjdk (ELSA-2022-5695)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5695 advisory. 1:11.0.16.0.8-1.0.1 - Replace upstream references Orabug: 34340155 1:11.0.16.0.8-1 - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use...

7.5 CVSS | 6.8 AI score | 0.10953 EPSS
Exploits 2 | References 4

Tenable Nessus
added 2022/07/25 12:0 a.m. | 19 views

AlmaLinux 8 : java-11-openjdk (5683) (ALSA-2022:5683)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5683 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affecte...

7.5 CVSS | 7.2 AI score | 0.10953 EPSS
Exploits 2 | References 4

Tenable Nessus
added 2022/07/23 12:0 a.m. | 228 views

Debian DSA-5188-1 : openjdk-11 - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5188 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected a...

7.5 CVSS | 7.2 AI score | 0.10953 EPSS
Exploits 2 | References 10

Tenable Nessus
added 2022/07/21 12:0 a.m. | 65 views

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2022-1823)

The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.16+8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1823 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package...

7.5 CVSS | 7.2 AI score | 0.10953 EPSS
Exploits 2 | References 7

Tenable Nessus
added 2022/07/21 12:0 a.m. | 33 views

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2022-1822)

The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.16+8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1822 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package...

7.5 CVSS | 7.2 AI score | 0.10953 EPSS
Exploits 2 | References 7

UbuntuCve
added 2022/07/19 5:37 p.m. | 45 views

CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5 CVSS | 6.8 AI score | 0.10953 EPSS
Exploits 2 | References 8

IBM Security Bulletins
added 2021/04/14 8:43 p.m. | 32 views

Security Bulletin: IBM Security Guardium is affected by an Apache Xalan-Java library vulnerability (CVE-2014-0107)

Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID: CVE-2014-0107 DESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability t...

7.5 CVSS | 1.1 AI score | 0.05863 EPSS
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2020/02/11 6:29 p.m. | 30 views

Security Bulletin: Vulnerability exists in Apache-Xalan-Java used in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2014-0107)

Summary A security bypass vulnerability has been discovered in Apache Xalan-Java libraries used by IBM Sterling B2B Integrator and IBM Sterling File Gateway. Vulnerability Details CVEID: CVE-2014-0107 Description: Apache Xalan-Java could allow a remote attacker to bypass security restrictions...

7.5 CVSS | 0.6 AI score | 0.05863 EPSS
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2019/12/17 10:47 p.m. | 33 views

Security Bulletin: A vulnerability exists in Apache Xalan-Java prior to 2.7.2 as used in IBM Sterling Control Center 5.2 (CVE-2014-0107)

Summary IBM Sterling Control Center 5.2 utilizes Apache Xalan-Java that contains a vulnerability. Vulnerability Details CVE-ID: CVE-2014-0107 DESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An...

7.5 CVSS | 0.6 AI score | 0.05863 EPSS
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2018/06/17 12:8 p.m. | 12 views

Security Bulletin: Open Source Apache Xalan-Java reported in April X-Force Report in IBM Content Navigator

Summary Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. Vulnerability Details Apache...

1.6 AI score
Exploits 0 | Affected Software 1