29 matches found
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2022-003)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0342.b07-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2022-003 advisory. Generated code produced by C1 may leak a package-private class to a class from a differe...
Apache Xalan Input Validation Error Vulnerability
Apache Xalan is an open source software library from the Apache Foundation (USA). An input validation error vulnerability in the Apache Xalan Java XSLT library stems from an integer truncation issue when processing malicious XSLT stylesheets. The vulnerability can be exploited to corrupt Java class files...
Amazon Linux 2 : java-11-amazon-corretto (ALAS-2022-1822)
The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.16+8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1822 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package...
Important: java-17-amazon-corretto
Issue Overview: Generated code produced by C1 may leak a package-private class to a class from a different package. (CVE-2022-21540) MethodHandle.invokeBasic method can be accessed on byte code level from an arbitrary class. (CVE-2022-21541) computeNextExponential sometimes returns negative numbers...
CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
UBUNTU-CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
PT-2022-3956
Name of the Vulnerable Software and Affected Versions: Apache Xalan Java XSLT library versions prior to 2.7.3. Description: The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generat...
OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:0244)
Updated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.5.014 JRE and SDK conta...