Lucene search

72 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in bcel

Apache Commons BCEL includes several APIs that typically only allow modifying specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to generate arbitrary bytecode. This could lead to abuse in applications that send attacker-controllable data to tho...

CVSS 9.8, AI score 6.9, EPSS 0.03797
Exploits 0, References 1
Tenable Nessus
added 2025/06/16 12:0 a.m., 4 views

TencentOS Server 2: bcel (TSSA-2022:0287)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0287 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 9.8, AI score 7.5, EPSS 0.03797
Exploits 0, References 2
IBM Security Bulletins
added 2025/05/28 3:19 p.m., 10 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons BCEL

Summary SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons BCEL. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions,...

CVSS 9.8, AI score 6.9, EPSS 0.03797
Exploits 0, Affected Software 1
Tenable Nessus
added 2025/01/17 12:0 a.m., 13 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Commons BCEL vulnerability (USN-7208-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7208-1 advisory. Felix Wilhelm discovered that Apache Commons BCEL APIs incorrectly handled parameters due to a memory issue. An attacker...

CVSS 9.8, AI score 7.4, EPSS 0.03797
Exploits 0, References 2
OSV
added 2025/01/16 12:40 p.m., 0 views

USN-7208-1 bcel vulnerability

Felix Wilhelm discovered that Apache Commons BCEL APIs incorrectly handled parameters due to a memory issue. An attacker supplying malicious input could exploit this to generate and execute arbitrary bytecode...

CVSS 9.8, AI score 7, EPSS 0.03797
Exploits 0, References 2
Ubuntu
added 2025/01/16 12:40 p.m., 6 views

USN-7208-1: Apache Commons BCEL vulnerability

Felix Wilhelm discovered that Apache Commons BCEL APIs incorrectly handled parameters due to a memory issue. An attacker supplying malicious input could exploit this to generate and execute arbitrary bytecode...

CVSS 9.8, AI score 7.6, EPSS 0.03797
Exploits 0
OSV
added 2024/11/11 9:29 a.m., 20 views

SUSE-RU-2024:3971-1 Recommended update for mojo-parent

This update for mojo-parent fixes the following issues: xalan-j2 was updated from version 2.7.2 to 2.7.3: - Security issues fixed: CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets bsc1201684 - Changes and Bugs fixed: Java 8 is now the minimum requirement...

CVSS 7.5, AI score 8.4, EPSS 0.10953
Exploits 2, References 2
Redos
added 2024/08/06 12:0 a.m., 16 views

ROS-20240806-03

A vulnerability in the Java Apache Commons BCEL bytecode processing library is related to writing outside the boundaries of the buffer. Exploitation of the vulnerability could allow an attacker acting remotely to execute an arbitrary code...

CVSS 9.8, AI score 7.6, EPSS 0.03797
Exploits 0
Tenable Nessus
added 2024/05/06 12:0 a.m., 37 views

GLSA-202405-16 : Apache Commons BCEL: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202405-16 Apache Commons BCEL: Remote Code Execution - The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files...

CVSS 9.8, AI score 7.5, EPSS 0.10953
Exploits 2, References 4
Gentoo Linux
added 2024/05/05 12:0 a.m., 35 views

Apache Commons BCEL: Remote Code Execution

Background The Byte Code Engineering Library Apache Commons BCEL™ is intended to give users a convenient way to analyze, create, and manipulate binary Java class files those ending with .class. Description A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier...

CVSS 9.8, AI score 8.2, EPSS 0.10953
Exploits 2
Tenable Nessus
added 2024/04/19 12:0 a.m., 47 views

Oracle Application Testing Suite (April 2024 CPU)

The versions of Oracle Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps...

CVSS 9.8, AI score 6.7, EPSS 0.03797
Exploits 1, References 6
IBM Security Bulletins
added 2024/04/11 10:28 p.m., 31 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Commons BCEL (CVE-2022-42920)

Summary IBM Sterling B2B Integrator uses Apache Commons BCEL. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an...

CVSS 9.8, AI score 9.7, EPSS 0.03797
Exploits 0, Affected Software 1
Tenable Nessus
added 2024/02/29 12:0 a.m., 22 views

CentOS 9 : bcel-6.4.1-9.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the bcel-6.4.1-9.el9 build changelog. - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds...

CVSS 9.8, AI score 7.5, EPSS 0.03797
Exploits 0, References 2
Tenable Nessus
added 2023/11/07 12:0 a.m., 24 views

Rocky Linux 9 : bcel (RLSA-2023:0005)

The remote Rocky Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2023:0005 advisory. - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue...

CVSS 9.8, AI score 7.5, EPSS 0.03797
Exploits 0, References 3
Tenable Nessus
added 2023/10/18 12:0 a.m., 68 views

Oracle WebCenter Portal Multiple Vulnerabilities (October 2023 CPU)

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the October 2023 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component:...

CVSS 9.8, AI score 6.5, EPSS 0.04351
Exploits 4, References 8
Tenable Nessus
added 2023/10/18 12:0 a.m., 64 views

Oracle WebLogic Server (October 2023 CPU)

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the October 2023 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...

CVSS 9.8, AI score 6.4, EPSS 0.03797
Exploits 1, References 17
RedHat Linux
added 2023/09/05 6:37 p.m., 50 views

Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which provides a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8, AI score 6.8, EPSS 0.56284
Exploits 8, References 13
RedHat Linux
added 2023/09/05 6:37 p.m., 0 views

Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...

CVSS 9.8, AI score 7.2, EPSS 0.03797
Exploits 0, References 5
OpenVAS
added 2023/07/30 12:0 a.m., 19 views

CentOS: Security Advisory for bcel (CESA-2022:8958)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 9.6, EPSS 0.03797
Exploits 0, References 2
Tenable Nessus
added 2023/07/28 12:0 a.m., 23 views

CentOS 7 : bcel (RHSA-2022:8958)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8958 advisory. - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issu...

CVSS 9.8, AI score 7.5, EPSS 0.03797
Exploits 0, References 2