PT-2026-38773

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

BIT-JAVA-MIN-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

PT-2026-37752

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

Astra Linux - уязвимость в bcel

Apache Commons BCEL includes several APIs that typically only allow modifying specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to generate arbitrary bytecode. This could lead to abuse in applications that send attacker-controllable data to tho...

Astra Linux - уязвимость в openjdk-11, bcel

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

CVE-2026-0848

NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

MiracleLinux 7 : bcel-5.2-19.0.1.el7.AXS7 (AXSA:2022-4486:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-4486:01 advisory. Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing CVE-2022-42920 Tenable has extracted the preceding description block directly from...

TencentOS Server 4: bcel (TSSA-2025:0575)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0575 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Commons BCEL vulnerability (USN-7208-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7208-1 advisory. Felix Wilhelm discovered that Apache Commons BCEL APIs incorrectly handled parameters due to a memory issue. An attacker...

USN-7208-1 bcel vulnerability

Felix Wilhelm discovered that Apache Commons BCEL APIs incorrectly handled parameters due to a memory issue. An attacker supplying malicious input could exploit this to generate and execute arbitrary bytecode...

USN-7208-1: Apache Commons BCEL vulnerability

Felix Wilhelm discovered that Apache Commons BCEL APIs incorrectly handled parameters due to a memory issue. An attacker supplying malicious input could exploit this to generate and execute arbitrary bytecode...

Fedora 37 : bcel (2022-01a56f581c)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-01a56f581c advisory. Security fix: CVE-2022-42920 bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing Tenable has extracted the preceding description...

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...

CentOS 9 : bcel-6.4.1-9.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the bcel-6.4.1-9.el9 build changelog. - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds...

Rocky Linux 9 : bcel (RLSA-2023:0005)

The remote Rocky Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2023:0005 advisory. - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue...

Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...

EulerOS 2.0 SP5 : bcel (EulerOS-SA-2023-2137)

According to the versions of the bcel package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds...

Important: bcel

Issue Overview: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllab...