SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2022:4602-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4602-1 advisory. - In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of...
Fedora 36 : bcel (2022-0e358addb8)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-0e358addb8 advisory. Security fix: CVE-2022-42920 bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing Tenable has extracted the preceding description...
Security Bulletin: Vulnerability (CVE-2022-3676) in Eclipse Openj9 affects CICS Transaction Gateway Desktop Edition
Summary Eclipse Openj9 is used by CICS Transaction Gateway Desktop Edition. The fix removes vulnerability CVE-2022-3676 that could allow a remote attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass...
Dell Wyse Management Suite < 4.0 Multiple Vulnerabilities (DSA-2022-329)
The version of Dell Wyse Management Suite installed on the remote host is prior to 4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the DSA-2022-329 advisory. - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not...
Scientific Linux Security Update : bcel on SL7.x (noarch) (2022:8958)
The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:8958-1 advisory. - Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing CVE-2022-42920 Note that Nessus has not tested for this issue but has instead...
bcel security update
0:5.2-19 - Fix arbitrary bytecode produced via out-of-bounds writing - Resolves: CVE-2022-42920...
Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...
Important: Red Hat Security Advisory: bcel security update
An update for bcel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...
RHEL 7 : bcel (RHSA-2022:8958)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8958 advisory. The Byte Code Engineering Library (Apache Commons BCEL) is intended to give users a convenient way to analyze, create, and manipulate binary Java class...
Oracle Linux 7 : bcel (ELSA-2022-8958)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8958 advisory. 0:5.2-19 - Fix arbitrary bytecode produced via out-of-bounds writing - Resolves: CVE-2022-42920 Tenable has extracted the preceding description block directly...
RHEL 7 : rh-maven36-bcel (RHSA-2022:8959)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8959 advisory. The Byte Code Engineering Library (Apache Commons BCEL) is intended to give users a convenient way to analyze, create, and manipulate binary Java class...
SUSE SLES12 Security Update : bcel (SUSE-SU-2022:4331-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4331-1 advisory. - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an...
SUSE SLED15 / SLES15 Security Update : bcel (SUSE-SU-2022:4306-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4306-1 advisory. - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update July 2022
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to July 2022. IBM 8 SR7 FP15 1.8.0341. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An...
Wasmtime Security Vulnerability
Wasmtime is a standalone WebAssembly and WASI-only wasm optimization runtime open-sourced by the Bytecode Alliance. A security vulnerability exists in versions of Wasmtime prior to 2.0.2 that stems from a data leak between instances in its pool allocator...
Out-of-bound Write
Apache Commons BCEL is vulnerable to Out-of-bound Write. The vulnerability is due to ConstantPool.java and ConstantPoolGen.java improperly handling MAXCPENTRIES which allows an attacker to pass data to specific APIs and control the resulting bytecode causing out-of-bound writes...
GHSA-97XG-PHPR-RG8Q Apache Commons BCEL vulnerable to out-of-bounds write
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those...
Apache Commons BCEL vulnerable to out-of-bounds write
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those...
CVE-2022-42920
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those...