BIT-JAVA-MIN-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

PT-2026-37752

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

Security Bulletin: IBM Planning Analytics Workspace is affected but not considered vulnerable to multiple vulnerabilities

Summary IBM Planning Analytics Workspace is affected but not classified as vulnerable to multiple vulnerabilities based on current information, in the following 3rd-party components: Node.js word-wrap CVE-2023-26115, Node.js semver CVE-2022-25883, Node,js dicer, CVE-2022-24434, Redis...

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

Security Bulletin: IBM Sterling B2B Integrator vulnerable to remote code execution due to Apache Xalan Java XSLT (CVE-2022-34169)

Summary IBM Sterling B2B Integrator uses Apache Xalan Java XSLT. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the...

Security Bulletin: IBM Operational Decision Manager August 2023 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-2047...

EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2022-2617)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported...

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Linux kernel is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2022-1012, CVE-2022-32250. OpenSSL is used by IBM Robotic Process Automation for Cloud Pak f...

Security Bulletin: Vulnerability found in Apache Xalan Java XSLT library may affect IBM Enterprise Records

Summary IBM Enterprise Records may be affected by vulnerability found in Apache Xalan Java XSLT library. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncatio...

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2022:3152-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3152-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

Amazon Linux 2022 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2022-2022-112)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-112 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...

Amazon Linux 2022 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2022-2022-119)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-119 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...

SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2022:2949-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2949-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

SUSE: Security Advisory (SUSE-SU-2022:2949-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2022:2898-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2898-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2022:2707-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2707-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component:...

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2022:2610-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2610-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

Oracle Linux 9 : java-17-openjdk (ELSA-2022-5736)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5736 advisory. 1:17.0.4.0.8-0.2.ea - Revert the following changes until copy-java-configs has adapted to relative symlinks: - Move cacerts replacement to install...

Debian DSA-5192-1 : openjdk-17 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5192 advisory. Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in the execution of arbitrary Java bytecode or the bypass of the Java...